💾 Archived View for clemat.is › saccophore › library › ebooks › hacker_crackdown › part3.txt captured on 2022-06-04 at 00:48:03.

View Raw

More Information

⬅️ Previous capture (2021-12-03)

-=-=-=-=-=-=-





  ************ PPaarrtt TThhrreeee:: LLaaww aanndd OOrrddeerr ************

  Of the various anti-hacker activities of 1990, "Operation Sundevil"
  had by far the highest public profile. The sweeping, nationwide
  computer seizures of May 8, 1990 were unprecedented in scope and
  highly, if rather selectively, publicized.
  Unlike the efforts of the Chicago Computer Fraud and Abuse Task
  Force, "Operation Sundevil" was not intended to combat "hacking" in
  the sense of computer intrusion or sophisticated raids on telco
  switching stations. Nor did it have anything to do with hacker
  misdeeds with AT&T's software, or with Southern Bell's proprietary
  documents.
  Instead, "Operation Sundevil" was a crackdown on those traditional
  scourges of the digital underground: credit-card theft and telephone
  code abuse. The ambitious activities out of Chicago, and the
  somewhat lesser-known but vigorous antihacker actions of the New
  York State Police in 1990, were never a part of "Operation Sundevil"
  per se, which was based in Arizona.
  Nevertheless, after the spectacular May 8 raids, the public, misled
  by police secrecy, hacker panic, and a puzzled national press-corps,
  conflated all aspects of the nationwide crackdown in 1990 under the
  blanket term "Operation Sundevil." "Sundevil" is still the best-
  known synonym for the crackdown of 1990. But the Arizona organizers
  of "Sundevil" did not really deserve this reputation -- any more,
  for instance, than all hackers deserve a reputation as "hackers."
  There was some justice in this confused perception, though. For one
  thing, the confusion was abetted by the Washington office of the
  Secret Service, who responded to Freedom of Information Act requests
  on "Operation Sundevil" by referring investigators to the publicly
  known cases of Knight Lightning and the Atlanta Three. And
  "Sundevil" was certainly the largest aspect of the Crackdown, the
  most deliberate and the best-organized. As a crackdown on electronic
  fraud, "Sundevil" lacked the frantic pace of the war on the Legion
  of Doom; on the contrary, Sundevil's targets were picked out with
  cool deliberation over an elaborate investigation lasting two full
  years.
  And once again the targets were bulletin board systems.
  Boards can be powerful aids to organized fraud. Underground boards
  carry lively, extensive, detailed, and often quite flagrant
  "discussions" of lawbreaking techniques and lawbreaking activities.
  "Discussing" crime in the abstract, or "discussing" the particulars
  of criminal cases, is not illegal -- but there are stern state and
  federal laws against coldbloodedly conspiring in groups in order to
  commit crimes.
  In the eyes of police, people who actively conspire to break the law
  are not regarded as "clubs," "debating salons," "users' groups," or
  "free speech advocates." Rather, such people tend to find themselves
  formally indicted by prosecutors as "gangs," "racketeers," "corrupt
  organizations" and "organized crime figures."
  What's more, the illicit data contained on outlaw boards goes well
  beyond mere acts of speech and/or possible criminal conspiracy. As
  we have seen, it was common practice in the digital underground to
  post purloined telephone codes on boards, for any phreak or hacker
  who cared to abuse them. Is posting digital booty of this sort
  supposed to be protected by the First Amendment? Hardly -though the
  issue, like most issues in cyberspace, is not entirely resolved.
  Some theorists argue that to merely recite a number publicly is not
  illegal - only its use is illegal. But anti-hacker police point out
  that magazines and newspapers (more traditional forms of free
  expression) never publish stolen telephone codes (even though this
  might well raise their circulation).
  Stolen credit card numbers, being riskier and more valuable, were
  less often publicly posted on boards -- but there is no question
  that some underground boards carried "carding" traffic, generally
  exchanged through private mail.
  Underground boards also carried handy programs for "scanning"
  telephone codes and raiding credit card companies, as well as the
  usual obnoxious galaxy of pirated software, cracked passwords, blue-
  box schematics, intrusion manuals, anarchy files, porn files, and so
  forth.
  But besides their nuisance potential for the spread of illicit
  knowledge, bulletin boards have another vitally interesting aspect
  for the professional investigator. Bulletin boards are cram-full of
  evidence. All that busy trading of electronic mail, all those hacker
  boasts, brags and struts, even the stolen codes and cards, can be
  neat, electronic, realtime recordings of criminal activity. As an
  investigator, when you seize a pirate board, you have scored a coup
  as effective as tapping phones or intercepting mail. However, you
  have not actually tapped a phone or intercepted a letter. The rules
  of evidence regarding phone-taps and mail interceptions are old,
  stern and wellunderstood by police, prosecutors and defense
  attorneys alike. The rules of evidence regarding boards are new,
  waffling, and understood by nobody at all.
  Sundevil was the largest crackdown on boards in world history. On
  May 7, 8, and 9, 1990, about fortytwo computer systems were seized.
  Of those forty- two computers, about twenty-five actually were
  running boards. (The vagueness of this estimate is attributable to
  the vagueness of (a) what a "computer system" is, and (b) what it
  actually means to "run a board" with one -- or with two computers,
  or with three.)
  About twenty-five boards vanished into police custody in May 1990.
  As we have seen, there are an estimated 30,000 boards in America
  today. If we assume that one board in a hundred is up to no good
  with codes and cards (which rather flatters the honesty of the
  board-using community), then that would leave 2,975 outlaw boards
  untouched by Sundevil. Sundevil seized about one tenth of one
  percent of all computer bulletin boards in America. Seen
  objectively, this is something less than a comprehensive assault. In
  1990, Sundevil's organizers -- the team at the Phoenix Secret
  Service office, and the Arizona Attorney General's office -had a
  list of at least three hundred boards that they considered fully
  deserving of search and seizure warrants. The twenty- five boards
  actually seized were merely among the most obvious and egregious of
  this much larger list of candidates. All these boards had been
  examined beforehand -- either by informants, who had passed
  printouts to the Secret Service, or by Secret Service agents
  themselves, who not only come equipped with modems but know how to
  use them.
  There were a number of motives for Sundevil. First, it offered a
  chance to get ahead of the curve on wire-fraud crimes. Tracking back
  credit-card ripoffs to their perpetrators can be appallingly
  difficult. If these miscreants have any kind of electronic
  sophistication, they can snarl their tracks through the phone
  network into a mind-boggling, untraceable mess, while still managing
  to "reach out and rob someone." Boards, however, full of brags and
  boasts, codes and cards, offer evidence in the handy congealed form.
  Seizures themselves -- the mere physical removal of machines -
  - tends to take the pressure off. During Sundevil, a large number of
  code kids, warez d00dz, and credit card thieves would be deprived of
  those boards -- their means of community and conspiracy -- in one
  swift blow. As for the sysops themselves (commonly among the boldest
  offenders) they would be directly stripped of their computer
  equipment, and rendered digitally mute and blind.
  And this aspect of Sundevil was carried out with great success.
  Sundevil seems to have been a complete tactical surprise -- unlike
  the fragmentary and continuing seizures of the war on the Legion of
  Doom, Sundevil was precisely timed and utterly overwhelming. At
  least forty "computers" were seized during May 7, 8 and 9, 1990, in
  Cincinnati, Detroit, Los Angeles, Miami, Newark, Phoenix, Tucson,
  Richmond, San Diego, San Jose, Pittsburgh and San Francisco. Some
  cities saw multiple raids, such as the five separate raids in the
  New York City environs. Plano, Texas (essentially a suburb of the
  Dallas/Fort Worth metroplex, and a hub of the telecommunications
  industry) saw four computer seizures. Chicago, ever in the
  forefront, saw its own local Sundevil raid, briskly carried out by
  Secret Service agents Timothy Foley and Barbara Golden.
  Many of these raids occurred, not in the cities proper, but in
  associated white-middle class suburbs -- places like Mount Lebanon,
  Pennsylvania and Clark Lake, Michigan. There were a few raids on
  offices; most took place in people's homes, the classic hacker
  basements and bedrooms.
  The Sundevil raids were searches and seizures, not a group of mass
  arrests. There were only four arrests during Sundevil. "Tony the
  Trashman," a longtime teenage bete noire of the Arizona Racketeering
  unit, was arrested in Tucson on May 9. "Dr. Ripco," sysop of an
  outlaw board with the misfortune to exist in Chicago itself, was
  also arrested -- on illegal weapons charges. Local units also
  arrested a 19-year-old female phone phreak named "Electra" in
  Pennsylvania, and a male juvenile in California. Federal agents
  however were not seeking arrests, but computers.
  Hackers are generally not indicted (if at all) until the evidence in
  their seized computers is evaluated -- a process that can take
  weeks, months -even years. When hackers are arrested on the spot,
  it's generally an arrest for other reasons. Drugs and/or illegal
  weapons show up in a good third of anti-hacker computer seizures
  (though not during Sundevil). That scofflaw teenage hackers (or
  their parents) should have marijuana in their homes is probably not
  a shocking revelation, but the surprisingly common presence of
  illegal firearms in hacker dens is a bit disquieting. A Personal
  Computer can be a great equalizer for the techno-cowboy -- much like
  that more traditional American "Great Equalizer," the Personal
  Sixgun. Maybe it's not all that surprising that some guy obsessed
  with power through illicit technology would also have a few illicit
  high-velocity-impact devices around. An element of the digital
  underground particularly dotes on those "anarchy philes," and this
  element tends to shade into the crackpot milieu of survivalists,
  gun-nuts, anarcho-leftists and the ultra- libertarian right-wing.
  This is not to say that hacker raids to date have uncovered any
  major crack-dens or illegal arsenals; but Secret Service agents do
  not regard "hackers" as "just kids." They regard hackers as
  unpredictable people, bright and slippery. It doesn't help matters
  that the hacker himself has been "hiding behind his keyboard" all
  this time. Commonly, police have no idea what he looks like. This
  makes him an unknown quantity, someone best treated with proper
  caution.
  To date, no hacker has come out shooting, though they do sometimes
  brag on boards that they will do just that. Threats of this sort are
  taken seriously. Secret Service hacker raids tend to be swift,
  comprehensive, well-manned (even overmanned); and agents generally
  burst through every door in the home at once, sometimes with drawn
  guns. Any potential resistance is swiftly quelled. Hacker raids are
  usually raids on people's homes. It can be a very dangerous business
  to raid an American home; people can panic when strangers invade
  their sanctum. Statistically speaking, the most dangerous thing a
  policeman can do is to enter someone's home. (The second most
  dangerous thing is to stop a car in traffic.) People have guns in
  their homes. More cops are hurt in homes than are ever hurt in biker
  bars or massage parlors.
  But in any case, no one was hurt during Sundevil, or indeed during
  any part of the Hacker Crackdown.
  Nor were there any allegations of any physical mistreatment of a
  suspect. Guns were pointed, interrogations were sharp and prolonged;
  but no one in 1990 claimed any act of brutality by any crackdown
  raider.
  In addition to the forty or so computers, Sundevil reaped floppy
  disks in particularly great abundance -- an estimated 23,000 of
  them, which naturally included every manner of illegitimate data:
  pirated games, stolen codes, hot credit card numbers, the complete
  text and software of entire pirate bulletin- boards. These floppy
  disks, which remain in police custody today, offer a gigantic,
  almost embarrassingly rich source of possible criminal indictments.
  These 23,000 floppy disks also include a thus-far unknown quantity
  of legitimate computer games, legitimate software, purportedly
  "private" mail from boards, business records, and personal
  correspondence of all kinds.
  Standard computer-crime search warrants lay great emphasis on
  seizing written documents as well as computers -- specifically
  including photocopies, computer printouts, telephone bills, address
  books, logs, notes, memoranda and correspondence. In practice, this
  has meant that diaries, gaming magazines, software documentation,
  nonfiction books on hacking and computer security, sometimes even
  science fiction novels, have all vanished out the door in police
  custody. A wide variety of electronic items have been known to
  vanish as well, including telephones, televisions, answering
  machines, Sony Walkmans, desktop printers, compact disks, and
  audiotapes.
  No fewer than 150 members of the Secret Service were sent into the
  field during Sundevil. They were commonly accompanied by squads of
  local and/or state police. Most of these officers -especially the
  locals -- had never been on an antihacker raid before. (This was one
  good reason, in fact, why so many of them were invited along in the
  first place.) Also, the presence of a uniformed police officer
  assures the raidees that the people entering their homes are, in
  fact, police. Secret Service agents wear plain clothes. So do the
  telco security experts who commonly accompany the Secret Service on
  raids (and who make no particular effort to identify themselves as
  mere employees of telephone companies).
  A typical hacker raid goes something like this. First, police storm
  in rapidly, through every entrance, with overwhelming force, in the
  assumption that this tactic will keep casualties to a minimum.
  Second, possible suspects are immediately removed from the vicinity
  of any and all computer systems, so that they will have no chance to
  purge or destroy computer evidence. Suspects are herded into a room
  without computers, commonly the living room, and kept under guard -
  not armed guard, for the guns are swiftly holstered, but under guard
  nevertheless. They are presented with the search warrant and warned
  that anything they say may be held against them. Commonly they have
  a great deal to say, especially if they are unsuspecting parents.
  Somewhere in the house is the "hot spot" -- a computer tied to a
  phone line (possibly several computers and several phones). Commonly
  it's a teenager's bedroom, but it can be anywhere in the house;
  there may be several such rooms. This "hot spot" is put in charge of
  a two-agent team, the "finder" and the "recorder." The "finder" is
  computer-trained, commonly the case agent who has actually obtained
  the search warrant from a judge. He or she understands what is being
  sought, and actually carries out the seizures: unplugs machines,
  opens drawers, desks, files, floppy-disk containers, etc. The
  "recorder" photographs all the equipment, just as it stands -
  - especially the tangle of wired connections in the back, which can
  otherwise be a real nightmare to restore. The recorder will also
  commonly photograph every room in the house, lest some wily criminal
  claim that the police had robbed him during the search. Some
  recorders carry videocams or tape recorders; however, it's more
  common for the recorder to simply take written notes. Objects are
  described and numbered as the finder seizes them, generally on
  standard preprinted police inventory forms.
  Even Secret Service agents were not, and are not, expert computer
  users. They have not made, and do not make, judgements on the fly
  about potential threats posed by various forms of equipment. They
  may exercise discretion; they may leave Dad his computer, for
  instance, but they don't have to. Standard computer-crime search
  warrants, which date back to the early 80s, use a sweeping language
  that targets computers, most anything attached to a computer, most
  anything used to operate a computer -- most anything that remotely
  resembles a computer -- plus most any and all written documents
  surrounding it. Computer-crime investigators have strongly urged
  agents to seize the works.
  In this sense, Operation Sundevil appears to have been a complete
  success. Boards went down all over America, and were shipped en
  masse to the computer investigation lab of the Secret Service, in
  Washington DC, along with the 23,000 floppy disks and unknown
  quantities of printed material.
  But the seizure of twenty-five boards, and the multi-megabyte
  mountains of possibly useful evidence contained in these boards (and
  in their owners' other computers, also out the door), were far from
  the only motives for Operation Sundevil. An unprecedented action of
  great ambition and size, Sundevil's motives can only be described as
  political. It was a public-relations effort, meant to pass certain
  messages, meant to make certain situations clear: both in the mind
  of the general public, and in the minds of various constituencies of
  the electronic community.
  First -- and this motivation was vital -- a "message" would be sent
  from law enforcement to the digital underground. This very message
  was recited in so many words by Garry M. Jenkins, the Assistant
  Director of the US Secret Service, at the Sundevil press conference
  in Phoenix on May 9, 1990, immediately after the raids. In brief,
  hackers were mistaken in their foolish belief that they could hide
  behind the "relative anonymity of their computer terminals." On the
  contrary, they should fully understand that state and federal cops
  were actively patrolling the beat in cyberspace -- that they were on
  the watch everywhere, even in those sleazy and secretive dens of
  cybernetic vice, the underground boards.
  This is not an unusual message for police to publicly convey to
  crooks. The message is a standard message; only the context is new.
  In this respect, the Sundevil raids were the digital equivalent of
  the standard vice-squad crackdown on massage parlors, porno
  bookstores, head-shops, or floating crap-games. There may be few or
  no arrests in a raid of this sort; no convictions, no trials, no
  interrogations. In cases of this sort, police may well walk out the
  door with many pounds of sleazy magazines, X-rated videotapes, sex
  toys, gambling equipment, baggies of marijuana....
  Of course, if something truly horrendous is discovered by the
  raiders, there will be arrests and prosecutions. Far more likely,
  however, there will simply be a brief but sharp disruption of the
  closed and secretive world of the nogoodniks. There will be "street
  hassle." "Heat." "Deterrence." And, of course, the immediate loss of
  the seized goods. It is very unlikely that any of this seized
  material will ever be returned. Whether charged or not, whether
  convicted or not, the perpetrators will almost surely lack the nerve
  ever to ask for this stuff to be given back.
  Arrests and trials -- putting people in jail -- may involve all
  kinds of formal legalities; but dealing with the justice system is
  far from the only task of police. Police do not simply arrest
  people. They don't simply put people in jail. That is not how the
  police perceive their jobs. Police "protect and serve." Police "keep
  the peace," they "keep public order." Like other forms of public
  relations, keeping public order is not an exact science. Keeping
  public order is something of an art-form.
  If a group of tough-looking teenage hoodlums was loitering on a
  street- corner, no one would be surprised to see a street-cop arrive
  and sternly order them to "break it up." On the contrary, the
  surprise would come if one of these ne'er-do-wells stepped briskly
  into a phone-booth, called a civil rights lawyer, and instituted a
  civil suit in defense of his Constitutional rights of free speech
  and free assembly. But something much along this line was one of the
  many anomolous outcomes of the Hacker Crackdown.
  Sundevil also carried useful "messages" for other constituents of
  the electronic community. These messages may not have been read
  aloud from the Phoenix podium in front of the press corps, but there
  was little mistaking their meaning. There was a message of
  reassurance for the primary victims of coding and carding: the
  telcos, and the credit companies. Sundevil was greeted with joy by
  the security officers of the electronic business community. After
  years of high-tech harassment and spiralling revenue losses, their
  complaints of rampant outlawry were being taken seriously by law
  enforcement. No more head- scratching or dismissive shrugs; no more
  feeble excuses about "lack of computer-trained officers" or the low
  priority of "victimless" white-collar telecommunication crimes.
  Computer-crime experts have long believed that computer-related
  offenses are drastically under-reported. They regard this as a major
  open scandal of their field. Some victims are reluctant to come
  forth, because they believe that police and prosecutors are not
  computer-literate, and can and will do nothing. Others are
  embarrassed by their vulnerabilities, and will take strong measures
  to avoid any publicity; this is especially true of banks, who fear a
  loss of investor confidence should an embezzlement-case or wire-
  fraud surface. And some victims are so helplessly confused by their
  own high technology that they never even realize that a crime has
  occurred -- even when they have been fleeced to the bone.
  The results of this situation can be dire. Criminals escape
  apprehension and punishment. The computer-crime units that do exist,
  can't get work. The true scope of computer-crime: its size, its real
  nature, the scope of its threats, and the legal remedies for it -
  - all remain obscured. Another problem is very little publicized,
  but it is a cause of genuine concern. Where there is persistent
  crime, but no effective police protection, then vigilantism can
  result. Telcos, banks, credit companies, the major corporations who
  maintain extensive computer networks vulnerable to hacking -- these
  organizations are powerful, wealthy, and politically influential.
  They are disinclined to be pushed around by crooks (or by most
  anyone else, for that matter). They often maintain well- organized
  private security forces, commonly run by experienced veterans of
  military and police units, who have left public service for the
  greener pastures of the private sector. For police, the corporate
  security manager can be a powerful ally; but if this gentleman finds
  no allies in the police, and the pressure is on from his board-of-
  directors, he may quietly take certain matters into his own hands.
  Nor is there any lack of disposable hired-help in the corporate
  security business. Private security agencies -- the 'security
  business' generally -- grew explosively in the 1980s. Today there
  are spooky gumshoed armies of "security consultants," "rent-acops,"
  "private eyes," "outside experts" -- every manner of shady operator
  who retails in "results" and discretion. Or course, many of these
  gentlemen and ladies may be paragons of professional and moral
  rectitude. But as anyone who has read a hard-boiled detective novel
  knows, police tend to be less than fond of this sort of private-
  sector competition.
  Companies in search of computer-security have even been known to
  hire hackers. Police shudder at this prospect.
  Police treasure good relations with the business community. Rarely
  will you see a policeman so indiscreet as to allege publicly that
  some major employer in his state or city has succumbed to paranoia
  and gone off the rails. Nevertheless, police -- and computer police
  in particular -- are aware of this possibility. Computer-crime
  police can and do spend up to half of their business hours just
  doing public relations: seminars, "dog and pony shows," sometimes
  with parents' groups or computer users, but generally with their
  core audience: the likely victims of hacking crimes. These, of
  course, are telcos, credit card companies and large computerequipped
  corporations. The police strongly urge these people, as good
  citizens, to report offenses and press criminal charges; they pass
  the message that there is someone in authority who cares,
  understands, and, best of all, will take useful action should a
  computer-crime occur. But reassuring talk is cheap. Sundevil offered
  action.
  The final message of Sundevil was intended for internal consumption
  by law enforcement. Sundevil was offered as proof that the community
  of American computer-crime police had come of age. Sundevil was
  proof that enormous things like Sundevil itself could now be
  accomplished. Sundevil was proof that the Secret Service and its
  local law-enforcement allies could act like a welloiled machine --
  (despite the hampering use of those scrambled phones). It was also
  proof that the Arizona Organized Crime and Racketeering Unit -the
  sparkplug of Sundevil -- ranked with the best in the world in
  ambition, organization, and sheer conceptual daring.
  And, as a final fillip, Sundevil was a message from the Secret
  Service to their longtime rivals in the Federal Bureau of
  Investigation. By Congressional fiat, both USSS and FBI formally
  share jurisdiction over federal computer- crimebusting activities.
  Neither of these groups has ever been remotely happy with this
  muddled situation. It seems to suggest that Congress cannot make up
  its mind as to which of these groups is better qualified. And there
  is scarcely a G-man or a Special Agent anywhere without a very firm
  opinion on that topic.

                                   1.
  For the neophyte, one of the most puzzling aspects of the crackdown
  on hackers is why the United States Secret Service has anything at
  all to do with this matter.
  The Secret Service is best known for its primary public role: its
  agents protect the President of the United States. They also guard
  the President's family, the Vice President and his family, former
  Presidents, and Presidential candidates. They sometimes guard
  foreign dignitaries who are visiting the United States, especially
  foreign heads of state, and have been known to accompany American
  officials on diplomatic missions overseas.
  Special Agents of the Secret Service don't wear uniforms, but the
  Secret Service also has two uniformed police agencies. There's the
  former White House Police (now known as the Secret Service Uniformed
  Division, since they currently guard foreign embassies in
  Washington, as well as the White House itself). And there's the
  uniformed Treasury Police Force.
  The Secret Service has been charged by Congress with a number of
  little- known duties. They guard the precious metals in Treasury
  vaults. They guard the most valuable historical documents of the
  United States: originals of the Constitution, the Declaration of
  Independence, Lincoln's Second Inaugural Address, an American-owned
  copy of the Magna Carta, and so forth. Once they were assigned to
  guard the Mona Lisa, on her American tour in the 1960s.
  The entire Secret Service is a division of the Treasury Department.
  Secret Service Special Agents (there are about 1,900 of them) are
  bodyguards for the President et al, but they all work for the
  Treasury. And the Treasury (through its divisions of the U.S. Mint
  and the Bureau of Engraving and Printing) prints the nation's money.
  As Treasury police, the Secret Service guards the nation's currency;
  it is the only federal law enforcement agency with direct
  jurisdiction over counterfeiting and forgery. It analyzes documents
  for authenticity, and its fight against fake cash is still quite
  lively (especially since the skilled counterfeiters of Medellin,
  Columbia have gotten into the act). Government checks, bonds, and
  other obligations, which exist in untold millions and are worth
  untold billions, are common targets for forgery, which the Secret
  Service also battles. It even handles forgery of postage stamps. But
  cash is fading in importance today as money has become electronic.
  As necessity beckoned, the Secret Service moved from fighting the
  counterfeiting of paper currency and the forging of checks, to the
  protection of funds transferred by wire.
  From wire-fraud, it was a simple skip-and-jump to what is formally
  known as "access device fraud." Congress granted the Secret Service
  the authority to investigate "access device fraud" under Title 18 of
  the United States Code (U.S.C. Section 1029).
  The term "access device" seems intuitively simple. It's some kind of
  high-tech gizmo you use to get money with. It makes good sense to
  put this sort of thing in the charge of counterfeiting and wirefraud
  experts.
  However, in Section 1029, the term "access device" is very
  generously defined. An access device is: "any card, plate, code,
  account number, or other means of account access that can be used,
  alone or in conjunction with another access device, to obtain money,
  goods, services, or any other thing of value, or that can be used to
  initiate a transfer of funds."
  "Access device" can therefore be construed to include credit cards
  themselves (a popular forgery item nowadays). It also includes
  credit card account numbers, those standards of the digital
  underground. The same goes for telephone charge cards (an
  increasingly popular item with telcos, who are tired of being robbed
  of pocket change by phone-booth thieves). And also telephone access
  codes, those other standards of the digital underground. (Stolen
  telephone codes may not "obtain money," but they certainly do obtain
  valuable "services," which is specifically forbidden by Section
  1029.)
  We can now see that Section 1029 already pits the United States
  Secret Service directly against the digital underground, without any
  mention at all of the word "computer."
  Standard phreaking devices, like "blue boxes," used to steal phone
  service from old-fashioned mechanical switches, are unquestionably
  "counterfeit access devices." Thanks to Sec.1029, it is not only
  illegal to use counterfeit access devices, but it is even illegal to
  build them. "Producing," "designing" "duplicating" or "assembling"
  blue boxes are all federal crimes today, and if you do this, the
  Secret Service has been charged by Congress to come after you.
  Automatic Teller Machines, which replicated all over America during
  the 1980s, are definitely "access devices," too, and an attempt to
  tamper with their punch-in codes and plastic bank cards falls
  directly under Sec. 1029.
  Section 1029 is remarkably elastic. Suppose you find a computer
  password in somebody's trash. That password might be a "code" -
  - it's certainly a "means of account access." Now suppose you log on
  to a computer and copy some software for yourself. You've certainly
  obtained "service" (computer service) and a "thing of value" (the
  software). Suppose you tell a dozen friends about your swiped
  password, and let them use it, too. Now you're "trafficking in
  unauthorized access devices." And when the Prophet, a member of the
  Legion of Doom, passed a stolen telephone company document to Knight
  Lightning at Phrack magazine, they were both charged under Sec.
  1029!
  There are two limitations on Section 1029. First, the offense must
  "affect interstate or foreign commerce" in order to become a matter
  of federal jurisdiction. The term "affecting commerce" is not well
  defined; but you may take it as a given that the Secret Service can
  take an interest if you've done most anything that happens to cross
  a state line. State and local police can be touchy about their
  jurisdictions, and can sometimes be mulish when the feds show up.
  But when it comes to computercrime, the local police are
  pathetically grateful for federal help -- in fact they complain that
  they can't get enough of it. If you're stealing long-distance
  service, you're almost certainly crossing state lines, and you're
  definitely "affecting the interstate commerce" of the telcos. And if
  you're abusing credit cards by ordering stuff out of glossy catalogs
  from, say, Vermont, you're in for it. The second limitation is
  money. As a rule, the feds don't pursue penny-ante offenders.
  Federal judges will dismiss cases that appear to waste their time.
  Federal crimes must be serious; Section 1029 specifies a minimum
  loss of a thousand dollars. We now come to the very next section of
  Title 18, which is Section 1030, "Fraud and related activity in
  connection with computers." This statute gives the Secret Service
  direct jurisdiction over acts of computer intrusion. On the face of
  it, the Secret Service would now seem to command the field. Section
  1030, however, is nowhere near so ductile as Section 1029. The first
  annoyance is Section 1030(d), which reads:
  "(d) The United States Secret Service shall, in addition to any
  other agency having such authority, have the authority to
  investigate offenses under this section. Such authority of the
  United States Secret Service shall be exercised in accordance with
  an agreement which shall be entered into by the Secretary of the
  Treasury and the Attorney General." (Author's italics.)
  The Secretary of the Treasury is the titular head of the Secret
  Service, while the Attorney General is in charge of the FBI. In
  Section (d), Congress shrugged off responsibility for the computer-
  crime turf-battle between the Service and the Bureau, and made them
  fight it out all by themselves. The result was a rather dire one for
  the Secret Service, for the FBI ended up with exclusive jurisdiction
  over computer break-ins having to do with national security, foreign
  espionage, federally insured banks, and U.S. military bases, while
  retaining joint jurisdiction over all the other computer intrusions.
  Essentially, when it comes to Section 1030, the FBI not only gets
  the real glamor stuff for itself, but can peer over the shoulder of
  the Secret Service and barge in to meddle whenever it suits them.
  The second problem has to do with the dicey term "Federal interest
  computer." Section 1030(a)(2) makes it illegal to "access a computer
  without authorization" if that computer belongs to a financial
  institution or an issuer of credit cards (fraud cases, in other
  words). Congress was quite willing to give the Secret Service
  jurisdiction over money-transferring computers, but Congress balked
  at letting them investigate any and all computer intrusions.
  Instead, the USSS had to settle for the money machines and the
  "Federal interest computers." A "Federal interest computer" is a
  computer which the government itself owns, or is using. Large
  networks of interstate computers, linked over state lines, are also
  considered to be of "Federal interest." (This notion of "Federal
  interest" is legally rather foggy and has never been clearly defined
  in the courts. The Secret Service has never yet had its hand slapped
  for investigating computer break-ins that were not of "Federal
  interest," but conceivably someday this might happen.)
  So the Secret Service's authority over "unauthorized access" to
  computers covers a lot of territory, but by no means the whole ball
  of cyberspatial wax. If you are, for instance, a local computer
  retailer, or the owner of a local bulletin board system, then a
  malicious local intruder can break in, crash your system, trash your
  files and scatter viruses, and the U.S. Secret Service cannot do a
  single thing about it.
  At least, it can't do anything directly. But the Secret Service will
  do plenty to help the local people who can.
  The FBI may have dealt itself an ace off the bottom of the deck when
  it comes to Section 1030; but that's not the whole story; that's not
  the street. What's Congress thinks is one thing, and Congress has
  been known to change its mind. The real turfstruggle is out there in
  the streets where it's happening. If you're a local street-cop with
  a computer problem, the Secret Service wants you to know where you
  can find the real expertise. While the Bureau crowd are off having
  their favorite shoes polished -- (wing-tips) -- and making derisive
  fun of the Service's favorite shoes -- ("pansy-ass tassels") -the
  tassel-toting Secret Service has a crew of readyand-able hacker-
  trackers installed in the capital of every state in the Union. Need
  advice? They'll give you advice, or at least point you in the right
  direction. Need training? They can see to that, too.
  If you're a local cop and you call in the FBI, the FBI (as is widely
  and slanderously rumored) will order you around like a coolie, take
  all the credit for your busts, and mop up every possible scrap of
  reflected glory. The Secret Service, on the other hand, doesn't brag
  a lot. They're the quiet types. Very quiet. Very cool. Efficient.
  High-tech. Mirrorshades, icy stares, radio ear- plugs, an Uzi
  machine-pistol tucked somewhere in that well-cut jacket. American
  samurai, sworn to give their lives to protect our President. "The
  granite agents." Trained in martial arts, absolutely fearless. Every
  single one of 'em has a top-secret security clearance. Something
  goes a little wrong, you're not gonna hear any whining and moaning
  and political buck- passing out of these guys.
  The facade of the granite agent is not, of course, the reality.
  Secret Service agents are human beings. And the real glory in
  Service work is not in battling computer crime -- not yet, anyway -
  - but in protecting the President. The real glamour of Secret
  Service work is in the White House Detail. If you're at the
  President's side, then the kids and the wife see you on television;
  you rub shoulders with the most powerful people in the world. That's
  the real heart of Service work, the number one priority. More than
  one computer investigation has stopped dead in the water when
  Service agents vanished at the President's need.
  There's romance in the work of the Service. The intimate access to
  circles of great power; the espritde-corps of a highly trained and
  disciplined elite; the high responsibility of defending the Chief
  Executive; the fulfillment of a patriotic duty. And as police work
  goes, the pay's not bad. But there's squalor in Service work, too.
  You may get spat upon by protesters howling abuse -- and if they get
  violent, if they get too close, sometimes you have to knock one of
  them down -- discreetly.
  The real squalor in Service work is drudgery such as "the
  quarterlies," traipsing out four times a year, year in, year out, to
  interview the various pathetic wretches, many of them in prisons and
  asylums, who have seen fit to threaten the President's life. And
  then there's the grinding stress of searching all those faces in the
  endless bustling crowds, looking for hatred, looking for psychosis,
  looking for the tight, nervous face of an Arthur Bremer, a Squeaky
  Fromme, a Lee Harvey Oswald. It's watching all those grasping,
  waving hands for sudden movements, while your ears strain at your
  radio headphone for the long- rehearsed cry of "Gun!"
  It's poring, in grinding detail, over the biographies of every
  rotten loser who ever shot at a President. It's the unsung work of
  the Protective Research Section, who study scrawled, anonymous death
  threats with all the meticulous tools of antiforgery techniques.
  And it's maintaining the hefty computerized files on anyone who ever
  threatened the President's life. Civil libertarians have become
  increasingly concerned at the Government's use of computer files to
  track American citizens - - but the Secret Service file of potential
  Presidential assassins, which has upward of twenty thousand names,
  rarely causes a peep of protest. If you ever state that you intend
  to kill the President, the Secret Service will want to know and
  record who you are, where you are, what you are, and what you're up
  to. If you're a serious threat -- if you're officially considered
  "of protective interest" -- then the Secret Service may well keep
  tabs on you for the rest of your natural life.
  Protecting the President has first call on all the Service's
  resources. But there's a lot more to the Service's traditions and
  history than standing guard outside the Oval Office. The Secret
  Service is the nation's oldest general federal law-enforcement
  agency. Compared to the Secret Service, the FBI are new- hires and
  the CIA are temps. The Secret Service was founded 'way back in 1865,
  at the suggestion of Hugh McCulloch, Abraham Lincoln's Secretary of
  the Treasury. McCulloch wanted a specialized Treasury police to
  combat counterfeiting. Abraham Lincoln agreed that this seemed a
  good idea, and, with a terrible irony, Abraham Lincoln was shot that
  very night by John Wilkes Booth.
  The Secret Service originally had nothing to do with protecting
  Presidents. They didn't take this on as a regular assignment until
  after the Garfield assassination in 1881.
  And they didn't get any Congressional money for it until President
  McKinley was shot in 1901. The Service was originally designed for
  one purpose: destroying counterfeiters.

                                   2.
  There are interesting parallels between the Service's nineteenth-
  century entry into counterfeiting, and America's twentieth- century
  entry into computer-crime.
  In 1865, America's paper currency was a terrible muddle. Security
  was drastically bad. Currency was printed on the spot by local banks
  in literally hundreds of different designs. No one really knew what
  the heck a dollar bill was supposed to look like. Bogus bills passed
  easily. If some joker told you that a one-dollar bill from the
  Railroad Bank of Lowell, Massachusetts had a woman leaning on a
  shield, with a locomotive, a cornucopia, a compass, various
  agricultural implements, a railroad bridge, and some factories, then
  you pretty much had to take his word for it. (And in fact he was
  telling the truth!)
  Sixteen hundred local American banks designed and printed their own
  paper currency, and there were no general standards for security.
  Like a badly guarded node in a computer network, badly designed
  bills were easy to fake, and posed a security hazard for the entire
  monetary system.
  No one knew the exact extent of the threat to the currency. There
  were panicked estimates that as much as a third of the entire
  national currency was faked. Counterfeiters -- known as "boodlers"
  in the underground slang of the time -- were mostly technically
  skilled printers who had gone to the bad. Many had once worked
  printing legitimate currency. Boodlers operated in rings and gangs.
  Technical experts engraved the bogus plates -- commonly in basements
  in New York City. Smooth confidence men passed large wads of high-
  quality, highdenomination fakes, including the really sophisticated
  stuff -- government bonds, stock certificates, and railway shares.
  Cheaper, botched fakes were sold or sharewared to low-level gangs of
  boodler wannabes. (The really cheesy lowlife boodlers merely
  upgraded real bills by altering face values, changing ones to fives,
  tens to hundreds, and so on.) The techniques of boodling were
  little-known and regarded with a certain awe by the midnineteenth-
  century public. The ability to manipulate the system for rip-off
  seemed diabolically clever. As the skill and daring of the boodlers
  increased, the situation became intolerable. The federal government
  stepped in, and began offering its own federal currency, which was
  printed in fancy green ink, but only on the back - the original
  "greenbacks." And at first, the improved security of the well-
  designed, well-printed federal greenbacks seemed to solve the
  problem; but then the counterfeiters caught on. Within a few years
  things were worse than ever: a centralized system where all security
  was bad!
  The local police were helpless. The Government tried offering blood
  money to potential informants, but this met with little success.
  Banks, plagued by boodling, gave up hope of police help and hired
  private security men instead. Merchants and bankers queued up by the
  thousands to buy privately-printed manuals on currency security,
  slim little books like Laban Heath's Infallible Government
  Counterfeit Detector. The back of the book offered Laban Heath's
  patent microscope for five bucks. Then the Secret Service entered
  the picture. The first agents were a rough and ready crew. Their
  chief was one William P. Wood, a former guerilla in the Mexican War
  who'd won a reputation busting contractor fraudsters for the War
  Department during the Civil War. Wood, who was also Keeper of the
  Capital Prison, had a sideline as a counterfeiting expert, bagging
  boodlers for the federal bounty money.
  Wood was named Chief of the new Secret Service in July 1865. There
  were only ten Secret Service agents in all: Wood himself, a handful
  who'd worked for him in the War Department, and a few former private
  investigators -- counterfeiting experts -- whom Wood had won over to
  public service. (The Secret Service of 1865 was much the size of the
  Chicago Computer Fraud Task Force or the Arizona Racketeering Unit
  of 1990.) These ten "Operatives" had an additional twenty or so
  "Assistant Operatives" and "Informants." Besides salary and per
  diem, each Secret Service employee received a whopping twenty-five
  dollars for each boodler he captured.
  Wood himself publicly estimated that at least half of America's
  currency was counterfeit, a perhaps pardonable perception. Within a
  year the Secret Service had arrested over 200 counterfeiters. They
  busted about two hundred boodlers a year for four years straight.
  Wood attributed his success to travelling fast and light, hitting
  the bad- guys hard, and avoiding bureaucratic baggage. "Because my
  raids were made without military escort and I did not ask the
  assistance of state officers, I surprised the professional
  counterfeiter."
  Wood's social message to the once-impudent boodlers bore an eerie
  ring of Sundevil: "It was also my purpose to convince such
  characters that it would no longer be healthy for them to ply their
  vocation without being handled roughly, a fact they soon
  discovered."
  William P. Wood, the Secret Service's guerilla pioneer, did not end
  well. He succumbed to the lure of aiming for the really big score.
  The notorious Brockway Gang of New York City, headed by William E.
  Brockway, the "King of the Counterfeiters," had forged a number of
  government bonds. They'd passed these brilliant fakes on the
  prestigious Wall Street investment firm of Jay Cooke and Company.
  The Cooke firm were frantic and offered a huge reward for the
  forgers' plates.
  Laboring diligently, Wood confiscated the plates (though not Mr.
  Brockway) and claimed the reward. But the Cooke company
  treacherously reneged. Wood got involved in a down-and-dirty lawsuit
  with the Cooke capitalists. Wood's boss, Secretary of the Treasury
  McCulloch, felt that Wood's demands for money and glory were
  unseemly, and even when the reward money finally came through,
  McCulloch refused to pay Wood anything. Wood found himself mired in
  a seemingly endless round of federal suits and Congressional
  lobbying.
  Wood never got his money. And he lost his job to boot. He resigned
  in 1869.
  Wood's agents suffered, too. On May 12, 1869, the second Chief of
  the Secret Service took over, and almost immediately fired most of
  Wood's pioneer Secret Service agents: Operatives, Assistants and
  Informants alike. The practice of receiving $25 per crook was
  abolished. And the Secret Service began the long, uncertain process
  of thorough professionalization.
  Wood ended badly. He must have felt stabbed in the back. In fact his
  entire organization was mangled.
  On the other hand, William P. Wood was the first head of the Secret
  Service. William Wood was the pioneer. People still honor his name.
  Who remembers the name of the second head of the Secret Service?
  As for William Brockway (also known as "Colonel Spencer"), he was
  finally arrested by the Secret Service in 1880. He did five years in
  prison, got out, and was still boodling at the age of seventyfour.

                                   3.
  Anyone with an interest in Operation Sundevil - or in American
  computer-crime generally -- could scarcely miss the presence of Gail
  Thackeray, Assistant Attorney General of the State of Arizona.
  Computer-crime training manuals often cited Thackeray's group and
  her work; she was the highest- ranking state official to specialize
  in computer-related offenses. Her name had been on the Sundevil
  press release (though modestly ranked well after the local federal
  prosecuting attorney and the head of the Phoenix Secret Service
  office). As public commentary, and controversy, began to mount about
  the Hacker Crackdown, this Arizonan state official began to take a
  higher and higher public profile. Though uttering almost nothing
  specific about the Sundevil operation itself, she coined some of the
  most striking soundbites of the growing propaganda war: "Agents are
  operating in good faith, and I don't think you can say that for the
  hacker community," was one. Another was the memorable "I am not a
  mad dog prosecutor" (Houston Chronicle, Sept 2, 1990.) In the
  meantime, the Secret Service maintained its usual extreme
  discretion; the Chicago Unit, smarting from the backlash of the
  Steve Jackson scandal, had gone completely to earth.
  As I collated my growing pile of newspaper clippings, Gail Thackeray
  ranked as a comparative fount of public knowledge on police
  operations.
  I decided that I had to get to know Gail Thackeray. I wrote to her
  at the Arizona Attorney General's Office.
  Not only did she kindly reply to me, but, to my astonishment, she
  knew very well what "cyberpunk" science fiction was.
  Shortly after this, Gail Thackeray lost her job. And I temporarily
  misplaced my own career as a science-fiction writer, to become a
  full-time computer-crime journalist. In early March, 1991, I flew to
  Phoenix, Arizona, to interview Gail Thackeray for my book on the
  hacker crackdown.

                                   4.
  "Credit cards didn't used to cost anything to get," says Gail
  Thackeray. "Now they cost forty bucks -- and that's all just to
  cover the costs from rip-off artists."
  Electronic nuisance criminals are parasites. One by one they're not
  much harm, no big deal. But they never come just one by one. They
  come in swarms, heaps, legions, sometimes whole subcultures. And
  they bite. Every time we buy a credit card today, we lose a little
  financial vitality to a particular species of bloodsucker. What, in
  her expert opinion, are the worst forms of electronic crime, I ask,
  consulting my notes. Is it -credit card fraud? Breaking into ATM
  bank machines? Phone-phreaking? Computer intrusions? Software
  viruses? Access-code theft? Records tampering? Software piracy?
  Pornographic bulletin boards? Satellite TV piracy? Theft of cable
  service? It's a long list. By the time I reach the end of it I feel
  rather depressed. "Oh no," says Gail Thackeray, leaning forward over
  the table, her whole body gone stiff with energetic indignation,
  "the biggest damage is telephone fraud. Fake sweepstakes, fake
  charities. Boiler-room con operations. You could pay off the
  national debt with what these guys steal.... They target old people,
  they get hold of credit ratings and demographics, they rip off the
  old and the weak." The words come tumbling out of her.
  It's low-tech stuff, your everyday boiler-room fraud. Grifters,
  conning people out of money over the phone, have been around for
  decades. This is where the word "phony" came from!
  It's just that it's so much easier now, horribly facilitated by
  advances in technology and the byzantine structure of the modern
  phone system. The same professional fraudsters do it over and over,
  Thackeray tells me, they hide behind dense onion-shells of fake
  companies.... fake holding corporations nine or ten layers deep,
  registered all over the map. They get a phone installed under a
  false name in an empty safe-house. And then they call-forward
  everything out of that phone to yet another phone, a phone that may
  even be in another state. And they don't even pay the charges on
  their phones; after a month or so, they just split. Set up somewhere
  else in another Podunkville with the same seedy crew of veteran
  phone-crooks. They buy or steal commercial credit card reports, slap
  them on the PC, have a program pick out people over sixty-five who
  pay a lot to charities. A whole subculture living off this,
  merciless folks on the con.
  "The 'light-bulbs for the blind' people," Thackeray muses, with a
  special loathing. "There's just no end to them."
  We're sitting in a downtown diner in Phoenix, Arizona. It's a tough
  town, Phoenix. A state capital seeing some hard times. Even to a
  Texan like myself, Arizona state politics seem rather baroque. There
  was, and remains, endless trouble over the Martin Luther King
  holiday, the sort of stiff-necked, foot-shooting incident for which
  Arizona politics seem famous. There was Evan Mecham, the eccentric
  Republican millionaire governor who was impeached, after reducing
  state government to a ludicrous shambles. Then there was the
  national Keating scandal, involving Arizona savings and loans, in
  which both of Arizona's U.S. senators, DeConcini and McCain, played
  sadly prominent roles.
  And the very latest is the bizarre AzScam case, in which state
  legislators were videotaped, eagerly taking cash from an informant
  of the Phoenix city police department, who was posing as a Vegas
  mobster.
  "Oh," says Thackeray cheerfully. "These people are amateurs here,
  they thought they were finally getting to play with the big boys.
  They don't have the least idea how to take a bribe! It's not
  institutional corruption. It's not like back in Philly."
  Gail Thackeray was a former prosecutor in Philadelphia. Now she's a
  former assistant attorney general of the State of Arizona. Since
  moving to Arizona in 1986, she had worked under the aegis of Steve
  Twist, her boss in the Attorney General's office. Steve Twist wrote
  Arizona's pioneering computer crime laws and naturally took an
  interest in seeing them enforced. It was a snug niche, and
  Thackeray's Organized Crime and Racketeering Unit won a national
  reputation for ambition and technical knowledgeability.... Until the
  latest election in Arizona. Thackeray's boss ran for the top job,
  and lost. The victor, the new Attorney General, apparently went to
  some pains to eliminate the bureaucratic traces of his rival,
  including his pet group -- Thackeray's group. Twelve people got
  their walking papers.
  Now Thackeray's painstakingly assembled computer lab sits gathering
  dust somewhere in the glass-and-concrete Attorney General's HQ on
  1275 Washington Street. Her computer-crime books, her painstakingly
  garnered back issues of phreak and hacker zines, all bought at her
  own expense -- are piled in boxes somewhere. The State of Arizona is
  simply not particularly interested in electronic racketeering at the
  moment.
  At the moment of our interview, Gail Thackeray, officially
  unemployed, is working out of the county sheriff's office, living on
  her savings, and prosecuting several cases -- working 60-hour weeks,
  just as always -- for no pay at all. "I'm trying to train people,"
  she mutters.
  Half her life seems to be spent training people - merely pointing
  out, to the naive and incredulous (such as myself) that this stuff
  is actually going on out there. It's a small world, computer crime.
  A young world. Gail Thackeray, a trim blonde BabyBoomer who favors
  Grand Canyon white-water rafting to kill some slow time, is one of
  the world's most senior, most veteran "hacker-trackers." Her mentor
  was Donn Parker, the California think-tank theorist who got it all
  started 'way back in the mid70s, the "grandfather of the field,"
  "the great bald eagle of computer crime."
  And what she has learned, Gail Thackeray teaches. Endlessly.
  Tirelessly. To anybody. To Secret Service agents and state police,
  at the Glynco, Georgia federal training center. To local police, on
  "roadshows" with her slide projector and notebook. To corporate
  security personnel. To journalists. To parents.
  Even crooks look to Gail Thackeray for advice. Phone-phreaks call
  her at the office. They know very well who she is. They pump her for
  information on what the cops are up to, how much they know.
  Sometimes whole crowds of phone phreaks, hanging out on illegal
  conference calls, will call Gail Thackeray up. They taunt her. And,
  as always, they boast. Phone-phreaks, real stone phone-phreaks,
  simply cannot shut up. They natter on for hours.
  Left to themselves, they mostly talk about the intricacies of
  ripping-off phones; it's about as interesting as listening to hot-
  rodders talk about suspension and distributor-caps. They also gossip
  cruelly about each other. And when talking to Gail Thackeray, they
  incriminate themselves. "I have tapes," Thackeray says coolly.
  Phone phreaks just talk like crazy. "Dial-Tone" out in Alabama has
  been known to spend half-an- hour simply reading stolen phone-codes
  aloud into voice-mail answering machines. Hundreds, thousands of
  numbers, recited in a monotone, without a break -- an eerie
  phenomenon. When arrested, it's a rare phone phreak who doesn't
  inform at endless length on everybody he knows.
  Hackers are no better. What other group of criminals, she asks
  rhetorically, publishes newsletters and holds conventions? She seems
  deeply nettled by the sheer brazenness of this behavior, though to
  an outsider, this activity might make one wonder whether hackers
  should be considered "criminals" at all. Skateboarders have
  magazines, and they trespass a lot. Hot rod people have magazines
  and they break speed limits and sometimes kill people....
  I ask her whether it would be any loss to society if phone phreaking
  and computer hacking, as hobbies, simply dried up and blew away, so
  that nobody ever did it again. She seems surprised. "No," she says
  swiftly. "Maybe a little... in the old days... the MIT stuff... But
  there's a lot of wonderful, legal stuff you can do with computers
  now, you don't have to break into somebody else's just to learn. You
  don't have that excuse. You can learn all you like." Did you ever
  hack into a system? I ask.
  The trainees do it at Glynco. Just to demonstrate system
  vulnerabilities. She's cool to the notion. Genuinely indifferent.
  "What kind of computer do you have?"
  "A Compaq 286LE," she mutters.
  "What kind do you wish you had?"
  At this question, the unmistakable light of true hackerdom flares in
  Gail Thackeray's eyes. She becomes tense, animated, the words pour
  out: "An Amiga 2000 with an IBM card and Mac emulation! The most
  common hacker machines are Amigas and Commodores. And Apples." If
  she had the Amiga, she enthuses, she could run a whole galaxy of
  seized computer-evidence disks on one convenient multifunctional
  machine. A cheap one, too. Not like the old Attorney General lab,
  where they had an ancient CP/M machine, assorted Amiga flavors and
  Apple flavors, a couple IBMS, all the utility software... but no
  Commodores. The workstations down at the Attorney General's are Wang
  dedicated word-processors. Lame machines tied in to an office net -
  - though at least they get online to the Lexis and Westlaw legal
  data services. I don't say anything. I recognize the syndrome,
  though. This computer-fever has been running through segments of our
  society for years now. It's a strange kind of lust: K-hunger, Meg-
  hunger; but it's a shared disease; it can kill parties dead, as
  conversation spirals into the deepest and most deviant recesses of
  software releases and expensive peripherals.... The mark of the
  hacker beast. I have it too. The whole "electronic community,"
  whatever the hell that is, has it. Gail Thackeray has it. Gail
  Thackeray is a hacker cop. My immediate reaction is a strong rush of
  indignant pity: why doesn't somebody buy this woman her Amiga?! It's
  not like she's asking for a Cray X-MP supercomputer mainframe; an
  Amiga's a sweet little cookie-box thing. We're losing zillions in
  organized fraud; prosecuting and defending a single hacker case in
  court can cost a hundred grand easy. How come nobody can come up
  with four lousy grand so this woman can do her job? For a hundred
  grand we could buy every computer cop in America an Amiga. There
  aren't that many of 'em.
  Computers. The lust, the hunger, for computers. The loyalty they
  inspire, the intense sense of possessiveness. The culture they have
  bred. I myself am sitting in downtown Phoenix, Arizona because it
  suddenly occurred to me that the police might -- just might -- come
  and take away my computer. The prospect of this, the mere implied
  threat, was unbearable. It literally changed my life. It was
  changing the lives of many others. Eventually it would change
  everybody's life.
  Gail Thackeray was one of the top computercrime people in America.
  And I was just some novelist, and yet I had a better computer than
  hers. Practically everybody I knew had a better computer than Gail
  Thackeray and her feeble laptop 286. It was like sending the sheriff
  in to clean up Dodge City and arming her with a slingshot cut from
  an old rubber tire.
  But then again, you don't need a howitzer to enforce the law. You
  can do a lot just with a badge. With a badge alone, you can
  basically wreak havoc, take a terrible vengeance on wrongdoers.
  Ninety percent of "computer crime investigation" is just "crime
  investigation:" names, places, dossiers, modus operandi, search
  warrants, victims, complainants, informants...
  What will computer crime look like in ten years? Will it get better?
  Did "Sundevil" send 'em reeling back in confusion?
  It'll be like it is now, only worse, she tells me with perfect
  conviction. Still there in the background, ticking along, changing
  with the times: the criminal underworld. It'll be like drugs are.
  Like our problems with alcohol. All the cops and laws in the world
  never solved our problems with alcohol. If there's something people
  want, a certain percentage of them are just going to take it.
  Fifteen percent of the populace will never steal. Fifteen percent
  will steal most anything not nailed down. The battle is for the
  hearts and minds of the remaining seventy percent.
  And criminals catch on fast. If there's not "too steep a learning
  curve" -- if it doesn't require a baffling amount of expertise and
  practice -- then criminals are often some of the first through the
  gate of a new technology. Especially if it helps them to hide. They
  have tons of cash, criminals. The new communications tech -- like
  pagers, cellular phones, faxes, Federal Express -- were pioneered by
  rich corporate people, and by criminals. In the early years of
  pagers and beepers, dope dealers were so enthralled this technology
  that owing a beeper was practically prima facie evidence of cocaine
  dealing. CB radio exploded when the speed limit hit 55 and breaking
  the highway law became a national pastime. Dope dealers send cash by
  Federal Express, despite, or perhaps because of, the warnings in
  FedEx offices that tell you never to try this. Fed Ex uses X-rays
  and dogs on their mail, to stop drug shipments. That doesn't work
  very well.
  Drug dealers went wild over cellular phones. There are simple
  methods of faking ID on cellular phones, making the location of the
  call mobile, free of charge, and effectively untraceable. Now
  victimized cellular companies routinely bring in vast toll-lists of
  calls to Colombia and Pakistan.
  Judge Greene's fragmentation of the phone company is driving law
  enforcement nuts. Four thousand telecommunications companies. Fraud
  skyrocketing. Every temptation in the world available with a phone
  and a credit card number. Criminals untraceable. A galaxy of "new
  neat rotten things to do."
  Judge Greene's fragmentation of the phone company is driving law
  enforcement nuts. Four thousand telecommunications companies. Fraud
  skyrocketing. Every temptation in the world available with a phone
  and a credit card number. Criminals untraceable. A galaxy of "new
  neat rotten things to do."
  If there were one thing Thackeray would like to have, it would be an
  effective legal end-run through this new fragmentation minefield.
  It would be a new form of electronic search warrant, an "electronic
  letter of marque" to be issued by a judge. It would create a new
  category of "electronic emergency." Like a wiretap, its use would be
  rare, but it would cut across state lines and force swift
  cooperation from all concerned. Cellular, phone, laser, computer
  network, PBXes, AT&T, Baby Bells, long-distance entrepreneurs,
  packet radio. Some document, some mighty court-order, that could
  slice through four thousand separate forms of corporate red-tape,
  and get her at once to the source of calls, the source of email
  threats and viruses, the sources of bomb threats, kidnapping
  threats. "From now on," she says, "the Lindberg baby will always
  die."
  Something that would make the Net sit still, if only for a moment.
  Something that would get her up to speed. Seven league boots. That's
  what she really needs. "Those guys move in nanoseconds and I'm on
  the Pony Express." And then, too, there's the coming international
  angle. Electronic crime has never been easy to localize, to tie to a
  physical jurisdiction. And phone phreaks and hackers loathe
  boundaries, they jump them whenever they can. The English. The
  Dutch. And the Germans, especially the ubiquitous Chaos Computer
  Club. The Australians. They've all learned phone-phreaking from
  America. It's a growth mischief industry. The multinational networks
  are global, but governments and the police simply aren't. Neither
  are the laws. Or the legal frameworks for citizen protection.
  One language is global, though - English. Phone phreaks speak
  English; it's their native tongue even if they're Germans. English
  may have started in England but now it's the Net language; it might
  as well be called "CNNese."
  Asians just aren't much into phone phreaking. They're the world
  masters at organized software piracy. The French aren't into phone-
  phreaking either. The French are into computerized industrial
  espionage.
  In the old days of the MIT righteous hackerdom, crashing systems
  didn't hurt anybody. Not all that much, anyway. Not permanently. Now
  the players are more venal. Now the consequences are worse. Hacking
  will begin killing people soon. Already there are methods of
  stacking calls onto 911 systems, annoying the police, and possibly
  causing the death of some poor soul calling in with a genuine
  emergency. Hackers in Amtrak computers, or airtraffic control
  computers, will kill somebody someday. Maybe a lot of people. Gail
  Thackeray expects it.
  And the viruses are getting nastier. The "Scud" virus is the latest
  one out. It wipes hard-disks.
  According to Thackeray, the idea that phonephreaks are Robin Hoods
  is a fraud. They don't deserve this repute. Basically, they pick on
  the weak. AT&T now protects itself with the fearsome ANI (Automatic
  Number Identification) trace capability. When AT&T wised up and
  tightened security generally, the phreaks drifted into the Baby
  Bells. The Baby Bells lashed out in 1989 and 1990, so the phreaks
  switched to smaller long-distance entrepreneurs. Today, they are
  moving into locally owned PBXes and voice-mail systems, which are
  full of security holes, dreadfully easy to hack. These victims
  aren't the moneybags Sheriff of Nottingham or Bad King John, but
  small groups of innocent people who find it hard to protect
  themselves, and who really suffer from these depredations. Phone
  phreaks pick on the weak. They do it for power. If it were legal,
  they wouldn't do it. They don't want service, or knowledge, they
  want the thrill of powertripping. There's plenty of knowledge or
  service around, if you're willing to pay. Phone phreaks don't pay,
  they steal. It's because it is illegal that it feels like power,
  that it gratifies their vanity.
  I leave Gail Thackeray with a handshake at the door of her office
  building - a vast International Style office building downtown. The
  Sheriff's office is renting part of it. I get the vague impression
  that quite a lot of the building is empty - real estate crash. In a
  Phoenix sports apparel store, in a downtown mall, I meet the "Sun
  Devil" himself. He is the cartoon mascot of Arizona State
  University, whose football stadium, "Sundevil," is near the local
  Secret Service HQ - hence the name Operation Sundevil. The Sun Devil
  himself is named "Sparky." Sparky the Sun Devil is maroon and bright
  yellow, the school colors. Sparky brandishes a three-tined yellow
  pitchfork. He has a small mustache, pointed ears, a barbed tail, and
  is dashing forward jabbing the air with the pitchfork, with an
  expression of devilish glee.
  Phoenix was the home of Operation Sundevil. The Legion of Doom ran a
  hacker bulletin board called "The Phoenix Project." An Australian
  hacker named "Phoenix" once burrowed through the Internet to attack
  Cliff Stoll, then bragged and boasted about it to The New York
  Times. This net of coincidence is both odd and meaningless.
  The headquarters of the Arizona Attorney General, Gail Thackeray's
  former workplace, is on 1275 Washington Avenue. Many of the downtown
  streets in Phoenix are named after prominent American presidents:
  Washington, Jefferson, Madison...
  After dark, all the employees go home to their suburbs. Washington,
  Jefferson and Madison - what would be the Phoenix inner city, if
  there were an inner city in this sprawling automobile-bred town -
  become the haunts of transients and derelicts. The homeless. The
  sidewalks along Washington are lined with orange trees. Ripe fallen
  fruit lies scattered like croquet balls on the sidewalks and
  gutters. No one seems to be eating them. I try a fresh one. It
  tastes unbearably bitter.
  The Attorney General's office, built in 1981 during the Babbitt
  administration, is a long low two story building of white cement and
  wall-sized sheets of curtain-glass. Behind each glass wall is a
  lawyer's office, quite open and visible to anyone strolling by.
  Across the street is a dour government building labelled simply
  ECONOMIC SECURITY, something that has not been in great supply in
  the American Southwest lately.
  The offices are about twelve feet square. They feature tall wooden
  cases full of red-spined lawbooks; Wang computer monitors;
  telephones; Post-it notes galore. Also framed law diplomas and a
  general excess of bad Western landscape art. Ansel Adams photos are
  a big favorite, perhaps to compensate for the dismal specter of the
  parking lot, two acres of striped black asphalt, which features
  gravel landscaping and some sickly-looking barrel cacti.
  It has grown dark. Gail Thackeray has told me that the people who
  work late here, are afraid of muggings in the parking lot. It seems
  cruelly ironic that a woman tracing electronic racketeers across the
  interstate labyrinth of Cyberspace should fear an assault by a
  homeless derelict in the parking lot of her own workplace.
  Perhaps this is less than coincidence. Perhaps these two seemingly
  disparate worlds are somehow generating one another. The poor and
  disenfranchised take to the streets, while the rich and computer-
  equipped, safe in their bedrooms, chatter over their modems. Quite
  often the derelicts kick the glass out and break in to the lawyers'
  offices, if they see something they need or want badly enough. I
  cross the parking lot to the street behind the Attorney General's
  office. A pair of young tramps are bedding down on flattened sheets
  of cardboard, under an alcove stretching over the sidewalk. One
  tramp wears a glitter-covered T-shirt reading "CALIFORNIA" in Coca-
  Cola cursive. His nose and cheeks look chafed and swollen; they
  glisten with what seems to be Vaseline. The other tramp has a ragged
  long-sleeved shirt and lank brown hair parted in the middle. They
  both wear blue jeans coated in grime. They are both drunk. "You guys
  crash here a lot?" I ask them.
  They look at me warily. I am wearing black jeans, a black pinstriped
  suit jacket and a black silk tie. I have odd shoes and a funny
  haircut.
  "It's our first time here," says the red-nosed tramp unconvincingly.
  There is a lot of cardboard stacked here. More than any two people
  could use.
  "We usually stay at the Vinnie's down the street," says the brown-
  haired tramp, puffing a Marlboro with a meditative air, as he
  sprawls with his head on a blue nylon backpack. "The Saint
  Vincent's." "You know who works in that building over there?" I ask,
  pointing. The brown-haired tramp shrugs. "Some kind of attorneys, it
  says."
  We urge one another to take it easy. I give them five bucks. A block
  down the street I meet a vigorous workman who is wheeling along some
  kind of industrial trolley; it has what appears to be a tank of
  propane on it.
  We make eye contact. We nod politely. I walk past him. "Hey! Excuse
  me sir!" he says.
  "Yes?" I say, stopping and turning.
  "Have you seen," the guy says rapidly, "a black guy, about 6'7",
  scars on both his cheeks like this -" he gestures - "wears a black
  baseball cap on backwards, wandering around here anyplace?"
  "Sounds like I don't much want to meet him," I say.
  "He took my wallet," says my new acquaintance. "Took it this
  morning. Y'know, some people would be scared of a guy like that. But
  I'm not scared. I'm from Chicago. I'm gonna hunt him down. We do
  things like that in Chicago."
  "Yeah?"
  "I went to the cops and now he's got an APB out on his ass," he says
  with satisfaction. "You run into him, you let me know." "Okay," I
  say. "What is your name, sir?"
  "Stanley..."
  "And how can I reach you?"
  "Oh," Stanley says, in the same rapid voice, "you don't have to
  reach, uh, me. You can just call the cops. Go straight to the cops."
  He reaches into a pocket and pulls out a greasy piece of pasteboard.
  "See, here's my report on him."
  I look. The "report," the size of an index card, is labelled PRO-
  ACT: Phoenix Residents Opposing Active Crime Threat... or is it
  Organized Against Crime Threat? In the darkening street it's hard to
  read. Some kind of vigilante group? Neighborhood watch? I feel very
  puzzled.
  "Are you a police officer, sir?"
  He smiles, seems very pleased by the question.
  "No," he says.
  "But you are a `Phoenix Resident?"'
  "Would you believe a homeless person," Stanley says.
  "Really? But what's with the..." For the first time I take a close
  look at Stanley's trolley. It's a rubber-wheeled thing of industrial
  metal, but the device I had mistaken for a tank of propane is in
  fact a water-cooler. Stanley also has an Army duffel-bag, stuffed
  tight as a sausage with clothing or perhaps a tent, and, at the base
  of his trolley, a cardboard box and a battered leather briefcase.
  "I see," I say, quite at a loss. For the first time I notice that
  Stanley has a wallet. He has not lost his wallet at all. It is in
  his back pocket and chained to his belt. It's not a new wallet. It
  seems to have seen a lot of wear.
  "Well, you know how it is, brother," says Stanley. Now that I know
  that he is homeless - a possible threat - my entire perception of
  him has changed in an instant. His speech, which once seemed just
  bright and enthusiastic, now seems to have a dangerous tang of
  mania. "I have to do this!" he assures me. "Track this guy down...
  It's a thing I do... you know... to keep myself together!" He
  smiles, nods, lifts his trolley by its decaying rubber handgrips.
  "Gotta work together, y'know," Stanley booms, his face alight with
  cheerfulness, "the police can't do everything!"
  The gentlemen I met in my stroll in downtown Phoenix are the only
  computer illiterates in this book. To regard them as irrelevant,
  however, would be a grave mistake.
  As computerization spreads across society, the populace at large is
  subjected to wave after wave of future shock. But, as a necessary     
  converse, the "computer community" itself is subjected to wave after
  wave of incoming computer illiterates. How will those currently
  enjoying America's digital bounty regard, and treat, all this
  teeming refuse yearning to breathe free? Will the electronic
  frontier be another Land of Opportunity - or an armed and monitored
  enclave, where the disenfranchised snuggle on their cardboard at the
  locked doors of our houses of justice?
  Some people just don't get along with computers. They can't read.
  They can't type. They just don't have it in their heads to master
  arcane instructions in wirebound manuals. Somewhere, the process of
  computerization of the populace will reach a limit. Some people -
  quite decent people maybe, who might have thrived in any other
  situation - will be left irretrievably outside the bounds. What's to
  be done with these people, in the bright new shiny electroworld? How
  will they be regarded, by the mouse-whizzing masters of cyberspace?
  With contempt? Indifference? Fear?
  In retrospect, it astonishes me to realize how quickly poor Stanley
  became a perceived threat. Surprise and fear are closely allied
  feelings. And the world of computing is full of surprises.
  I met one character in the streets of Phoenix whose role in those
  book is supremely and directly relevant. That personage was
  Stanley's giant thieving scarred phantom. This phantasm is
  everywhere in this book. He is the specter haunting cyberspace.
  Sometimes he's a maniac vandal ready to smash the phone system for
  no sane reason at all. Sometimes he's a fascist fed, coldly
  programming his mighty mainframes to destroy our Bill of Rights.
  Sometimes he's a telco bureaucrat, covertly conspiring to register
  all modems in the service of an Orwellian surveillance regime.
  Mostly, though, this fearsome phantom is a "hacker." He's strange,
  he doesn't belong, he's not authorized, he doesn't smell right, he's
  not keeping his proper place, he's not one of us. The focus of fear
  is the hacker, for much the same reasons that Stanley's fancied
  assailant is black.
  Stanley's demon can't go away, because he doesn't exist. Despite
  singleminded and tremendous effort, he can't be arrested, sued,
  jailed, or fired. The only constructive way to do anything about him
  is to learn more about Stanley himself. This learning process may be
  repellent, it may be ugly, it may involve grave elements of
  paranoiac confusion, but it's necessary. Knowing Stanley requires
  something more than class-crossing condescension. It requires more
  than steely legal objectivity. It requires human compassion and
  sympathy. To know Stanley is to know his demon. If you know the
  other guy's demon, then maybe you'll come to know some of your own.
  You'll be able to separate reality from illusion. And then you won't
  do your cause, and yourself, more harm than good. Like poor damned
  Stanley from Chicago did.

                                   5.
  The Federal Computer Investigations Committee (FCIC) is the most
  important and influential organization in the realm of American
  computer-crime. Since the police of other countries have largely
  taken their computer-crime cues from American methods, the FCIC
  might well be called the most important computer crime group in the
  world.
  It is also, by federal standards, an organization of great
  unorthodoxy. State and local investigators mix with federal agents.
  Lawyers, financial auditors and computer-security programmers trade
  notes with street cops. Industry vendors and telco security people
  show up to explain their gadgetry and plead for protection and
  justice. Private investigators, think-tank experts and industry
  pundits throw in their two cents' worth. The FCIC is the antithesis
  of a formal bureaucracy. Members of the FCIC are obscurely proud of
  this fact; they recognize their group as aberrant, but are entirely
  convinced that this, for them, outright *weird* behavior is
  nevertheless *absolutely necessary* to get their jobs done.
  FCIC regulars -- from the Secret Service, the FBI, the IRS, the
  Department of Labor, the offices of federal attorneys, state police,
  the Air Force, from military intelligence -- often attend meetings,
  held hither and thither across the country, at their own expense.
  The FCIC doesn't get grants. It doesn't charge membership fees. It
  doesn't have a boss. It has no headquarters -- just a mail drop in
  Washington DC, at the Fraud Division of the Secret Service. It
  doesn't have a budget. It doesn't have schedules. It meets three
  times a year -- sort of. Sometimes it issues publications, but the
  FCIC has no regular publisher, no treasurer, not even a secretary.
  There are no minutes of FCIC meetings. Non-federal people are
  considered "non-voting members," but there's not much in the way of
  elections. There are no badges, lapel pins or certificates of
  membership. Everyone is on a firstname basis. There are about forty
  of them. Nobody knows how many, exactly. People come, people go -
  sometimes people "go" formally but still hang around anyway. Nobody
  has ever exactly figured out what "membership" of this "Committee"
  actually entails.
  Strange as this may seem to some, to anyone familiar with the social
  world of computing, the "organization" of the FCIC is very
  recognizable.
  For years now, economists and management theorists have speculated
  that the tidal wave of the information revolution would destroy
  rigid, pyramidal bureaucracies, where everything is topdown and
  centrally controlled. Highly trained "employees" would take on much
  greater autonomy, being self-starting, and self-motivating, moving
  from place to place, task to task, with great speed and fluidity.
  "Ad-hocracy" would rule, with groups of people spontaneously
  knitting together across organizational lines, tackling the problem
  at hand, applying intense computer-aided expertise to it, and then
  vanishing whence they came.
  This is more or less what has actually happened in the world of
  federal computer investigation. With the conspicuous exception of
  the phone companies, which are after all over a hundred years old,
  practically *every* organization that plays any important role in
  this book functions just like the FCIC. The Chicago Task Force, the
  Arizona Racketeering Unit, the Legion of Doom, the Phrack crowd, the
  Electronic Frontier Foundation -- they *all* look and act like
  "tiger teams" or "user's groups." They are all electronic ad-
  hocracies leaping up spontaneously to attempt to meet a need.
  Some are police. Some are, by strict definition, criminals. Some are
  political interest-groups. But every single group has that same
  quality of apparent spontaneity -- "Hey, gang! My uncle's got a barn
  -let's put on a show!"
  Every one of these groups is embarrassed by this "amateurism," and,
  for the sake of their public image in a world of non-computer
  people, they all attempt to look as stern and formal and impressive
  as possible. These electronic frontier-dwellers resemble groups of
  nineteenth-century pioneers hankering after the respectability of
  statehood. There are however, two crucial differences in the
  historical experience of these "pioneers" of the nineteeth and
  twenty-first centuries.
  First, powerful information technology *does* play into the hands of
  small, fluid, loosely organized groups. There have always been
  "pioneers," "hobbyists," "amateurs," "dilettantes," "volunteers,"
  "movements," "users' groups" and "blue-ribbon panels of experts"
  around. But a group of this kind - when technically equipped to ship
  huge amounts of specialized information, at lightning speed, to its
  members, to government, and to the press -- is simply a different
  kind of animal. It's like the difference between an eel and an
  electric eel.
  The second crucial change is that American society is currently in a
  state approaching permanent technological revolution. In the world
  of computers particularly, it is practically impossible to *ever*
  stop being a "pioneer," unless you either drop dead or deliberately
  jump off the bus. The scene has never slowed down enough to become
  well-institutionalized. And after twenty, thirty, forty years the
  "computer revolution" continues to spread, to permeate new corners
  of society. Anything that really works is already obsolete.
  If you spend your entire working life as a "pioneer," the word
  "pioneer" begins to lose its meaning. Your way of life looks less
  and less like an introduction to "something else" more stable and
  organized, and more and more like *just the way things are.* A
  "permanent revolution" is really a contradiction in terms. If
  "turmoil" lasts long enough, it simply becomes *a new kind of
  society* -still the same game of history, but new players, new
  rules. Apply this to the world of late twentieth-century law
  enforcement, and the implications are novel and puzzling indeed. Any
  bureaucratic rulebook you write about computer-crime will be flawed
  when you write it, and almost an antique by the time it sees print.
  The fluidity and fast reactions of the FCIC give them a great
  advantage in this regard, which explains their success. Even with
  the best will in the world (which it does not, in fact, possess) it
  is impossible for an organization the size of the U.S. Federal
  Bureau of Investigation to get up to speed on the theory and
  practice of computer crime. If they tried to train all their agents
  to do this, it would be *suicidal,* as they would *never be able to
  do anything else.*
  The FBI does try to train its agents in the basics of electronic
  crime, at their base in Quantico, Virginia. And the Secret Service,
  along with many other law enforcement groups, runs quite successful
  and well-attended training courses on wire fraud, business crime,
  and computer intrusion at the Federal Law Enforcement Training
  Center (FLETC, pronounced "fletsy") in Glynco, Georgia. But the best
  efforts of these bureaucracies does not remove the absolute need for
  a "cutting-edge mess" like the FCIC.
  For you see -- the members of FCIC *are* the trainers of the rest of
  law enforcement. Practically and literally speaking, they are the
  Glynco computer- crime faculty by another name. If the FCIC went
  over a cliff on a bus, the U.S. law enforcement community would be
  rendered deaf dumb and blind in the world of computer crime, and
  would swiftly feel a desperate need to reinvent them. And this is no
  time to go starting from scratch.
  On June 11, 1991, I once again arrived in Phoenix, Arizona, for the
  latest meeting of the Federal Computer Investigations Committee.
  This was more or less the twentieth meeting of this stellar group.
  The count was uncertain, since nobody could figure out whether to
  include the meetings of "the Colluquy," which is what the FCIC was
  called in the mid-1980s before it had even managed to obtain the
  dignity of its own acronym.
  Since my last visit to Arizona, in May, the local AzScam bribery
  scandal had resolved itself in a general muddle of humiliation. The
  Phoenix chief of police, whose agents had videotaped nine state
  legislators up to no good, had resigned his office in a tussle with
  the Phoenix city council over the propriety of his undercover
  operations.
  The Phoenix Chief could now join Gail Thackeray and eleven of her
  closest associates in the shared experience of politically motivated
  unemployment. As of June, resignations were still continuing at the
  Arizona Attorney General's office, which could be interpreted as
  either a New Broom Sweeping Clean or a Night of the Long Knives Part
  II, depending on your point of view.
  The meeting of FCIC was held at the Scottsdale Hilton Resort.
  Scottsdale is a wealthy suburb of Phoenix, known as "Scottsdull" to
  scoffing local trendies, but well-equipped with posh shoppingmalls
  and manicured lawns, while conspicuously undersupplied with homeless
  derelicts. The Scottsdale Hilton Resort was a sprawling hotel in
  postmodern crypto-Southwestern style. It featured a "mission bell
  tower" plated in turquoise tile and vaguely resembling a Saudi
  minaret.
  Inside it was all barbarically striped Santa Fe Style decor. There
  was a health spa downstairs and a large oddly-shaped pool in the
  patio. A poolside umbrella-stand offered Ben and Jerry's politically
  correct Peace Pops.
  I registered as a member of FCIC, attaining a handy discount rate,
  then went in search of the Feds. Sure enough, at the back of the
  hotel grounds came the unmistakable sound of Gail Thackeray holding
  forth.
  Since I had also attended the Computers Freedom and Privacy
  conference (about which more later), this was the second time I had
  seen Thackeray in a group of her law enforcement colleagues. Once
  again I was struck by how simply pleased they seemed to see her. It
  was natural that she'd get *some* attention, as Gail was one of two
  women in a group of some thirty men; but there was a lot more to it
  than that.
  Gail Thackeray personifies the social glue of the FCIC. They could
  give a damn about her losing her job with the Attorney General. They
  were sorry about it, of course, but hell, they'd all lost jobs. If
  they were the kind of guys who liked steady boring jobs, they would
  never have gotten into computer work in the first place.
  I wandered into her circle and was immediately introduced to five
  strangers. The conditions of my visit at FCIC were reviewed. I would
  not quote anyone directly. I would not tie opinions expressed to the
  agencies of the attendees. I would not (a purely hypothetical
  example) report the conversation of a guy from the Secret Service
  talking quite civilly to a guy from the FBI, as these two agencies
  *never* talk to each other, and the IRS (also present, also
  hypothetical) *never talks to anybody.*
  Worse yet, I was forbidden to attend the first conference. And I
  didn't. I have no idea what the FCIC was up to behind closed doors
  that afternoon. I rather suspect that they were engaging in a frank
  and thorough confession of their errors, goof-ups and blunders, as
  this has been a feature of every FCIC meeting since their legendary
  Memphis beer bust of 1986. Perhaps the single greatest attraction of
  FCIC is that it is a place where you can go, let your hair down, and
  completely level with people who actually comprehend what you are
  talking about. Not only do they understand you, but they *really pay
  attention,* they are *grateful for your insights,* and they *forgive
  you,* which in nine cases out of ten is something even your boss
  can't do, because as soon as you start talking "ROM," "BBS," or "T-
  1 trunk," his eyes glaze over. I had nothing much to do that
  afternoon. The FCIC were beavering away in their conference room.
  Doors were firmly closed, windows too dark to peer through. I
  wondered what a real hacker, a computer intruder, would do at a
  meeting like this.
  The answer came at once. He would "trash" the place. Not reduce the
  place to trash in some orgy of vandalism; that's not the use of the
  term in the hacker milieu. No, he would quietly *empty the trash
  baskets* and silently raid any valuable data indiscreetly thrown
  away.
  Journalists have been known to do this. (Journalists hunting
  information have been known to do almost every single unethical
  thing that hackers have ever done. They also throw in a few awful
  techniques all their own.) The legality of 'trashing' is somewhat
  dubious but it is not in fact flagrantly illegal. It was, however,
  absurd to contemplate trashing the FCIC. These people knew all about
  trashing. I wouldn't last fifteen seconds.
  The idea sounded interesting, though. I'd been hearing a lot about
  the practice lately. On the spur of the moment, I decided I would
  try trashing the office *across the hall* from the FCIC, an area
  which had nothing to do with the investigators.
  The office was tiny; six chairs, a table.... Nevertheless, it was
  open, so I dug around in its plastic trash can.
  To my utter astonishment, I came up with the torn scraps of a SPRINT
  long-distance phone bill. More digging produced a bank statement and
  the scraps of a hand-written letter, along with gum, cigarette
  ashes, candy wrappers and a day-old-issue of USA TODAY.
  The trash went back in its receptacle while the scraps of data went
  into my travel bag. I detoured through the hotel souvenir shop for
  some Scotch tape and went up to my room.
  Coincidence or not, it was quite true. Some poor soul had, in fact,
  thrown a SPRINT bill into the hotel's trash. Date May 1991, total
  amount due: $252.36. Not a business phone, either, but a residential
  bill, in the name of someone called Evelyn (not her real name).
  Evelyn's records showed a ## PAST DUE BILL ##! Here was her nine-
  digit account ID. Here was a stern computer-printed warning: "TREAT
  YOUR FONCARD AS YOU WOULD ANY CREDIT CARD. TO SECURE AGAINST FRAUD,
  NEVER GIVE YOUR FONCARD NUMBER OVER THE PHONE UNLESS YOU INITIATED
  THE CALL. IF YOU RECEIVE SUSPICIOUS CALLS PLEASE NOTIFY CUSTOMER
  SERVICE IMMEDIATELY!"
  I examined my watch. Still plenty of time left for the FCIC to carry
  on. I sorted out the scraps of Evelyn's SPRINT bill and re-assembled
  them with fresh Scotch tape. Here was her ten-digit FONCARD number.
  Didn't seem to have the ID number necessary to cause real fraud
  trouble.
  I did, however, have Evelyn's home phone number. And the phone
  numbers for a whole crowd of Evelyn's long-distance friends and
  acquaintances. In San Diego, Folsom, Redondo, Las Vegas, La Jolla,
  Topeka, and Northampton Massachusetts. Even somebody in Australia!
  I examined other documents. Here was a bank statement. It was
  Evelyn's IRA account down at a bank in San Mateo California (total
  balance $1877.20). Here was a charge-card bill for $382.64. She was
  paying it off bit by bit.
  Driven by motives that were completely unethical and prurient, I now
  examined the handwritten notes. They had been torn fairly
  thoroughly, so much so that it took me almost an entire five minutes
  to reassemble them.
  They were drafts of a love letter. They had been written on the
  lined stationery of Evelyn's employer, a biomedical company.
  Probably written at work when she should have been doing something
  else.
  "Dear Bob," (not his real name) "I guess in everyone's life there
  comes a time when hard decisions have to be made, and this is a
  difficult one for me -- very upsetting. Since you haven't called me,
  and I don't understand why, I can only surmise it's because you
  don't want to. I thought I would have heard from you Friday. I did
  have a few unusual problems with my phone and possibly you tried, I
  hope so.
  "Robert, you asked me to 'let go'..."
  The first note ended. *Unusual problems with her phone?* I looked
  swiftly at the next note. "Bob, not hearing from you for the whole
  weekend has left me very perplexed..."
  Next draft. "Dear Bob, there is so much I don't understand right
  now, and I wish I did. I wish I could talk to you, but for some
  unknown reason you have elected not to call -- this is so difficult
  for me to understand..."
  She tried again.
  "Bob, Since I have always held you in such high esteem, I had every
  hope that we could remain good friends, but now one essential
  ingredient is missing - respect. Your ability to discard people when
  their purpose is served is appalling to me. The kindest thing you
  could do for me now is to leave me alone. You are no longer welcome
  in my heart or home..."
  Try again.
  "Bob, I wrote a very factual note to you to say how much respect I
  had lost for you, by the way you treat people, me in particular, so
  uncaring and cold. The kindest thing you can do for me is to leave
  me alone entirely, as you are no longer welcome in my heart or home.
  I would appreciate it if you could retire your debt to me as soon as
  possible -- I wish no link to you in any way. Sincerely, Evelyn."
  Good heavens, I thought, the bastard actually owes her money! I
  turned to the next page.
  "Bob: very simple. GOODBYE! No more mind games -- no more
  fascination -- no more coldness -no more respect for you! It's over
  -- Finis. Evie"
  There were two versions of the final brushoff letter, but they read
  about the same. Maybe she hadn't sent it. The final item in my
  illicit and shameful booty was an envelope addressed to "Bob" at his
  home address, but it had no stamp on it and it hadn't been mailed.
  Maybe she'd just been blowing off steam because her rascal boyfriend
  had neglected to call her one weekend. Big deal. Maybe they'd kissed
  and made up, maybe she and Bob were down at Pop's Chocolate Shop
  now, sharing a malted. Sure.
  Easy to find out. All I had to do was call Evelyn up. With a half-
  clever story and enough brass- plated gall I could probably trick
  the truth out of her. Phone-phreaks and hackers deceive people over
  the phone all the time. It's called "social engineering." Social
  engineering is a very common practice in the underground, and almost
  magically effective. Human beings are almost always the weakest link
  in computer security. The simplest way to learn Things You Are Not
  Meant To Know is simply to call up and exploit the knowledgeable
  people. With social engineering, you use the bits of specialized
  knowledge you already have as a key, to manipulate people into
  believing that you are legitimate. You can then coax, flatter, or
  frighten them into revealing almost anything you want to know.
  Deceiving people (especially over the phone) is easy and fun.
  Exploiting their gullibility is very gratifying; it makes you feel
  very superior to them. If I'd been a malicious hacker on a trashing
  raid, I would now have Evelyn very much in my power. Given all this
  inside data, it wouldn't take much effort at all to invent a
  convincing lie. If I were ruthless enough, and jaded enough, and
  clever enough, this momentary indiscretion of hers -maybe committed
  in tears, who knows -- could cause her a whole world of confusion
  and grief.
  I didn't even have to have a *malicious* motive. Maybe I'd be "on
  her side," and call up Bob instead, and anonymously threaten to
  break both his kneecaps if he didn't take Evelyn out for a steak
  dinner pronto. It was still profoundly *none of my business.* To
  have gotten this knowledge at all was a sordid act and to use it
  would be to inflict a sordid injury.
  To do all these awful things would require exactly zero high-tech
  expertise. All it would take was the willingness to do it and a
  certain amount of bent imagination. I went back downstairs. The
  hard-working FCIC, who had labored forty-five minutes over their
  schedule, were through for the day, and adjourned to the hotel bar.
  We all had a beer.
  I had a chat with a guy about "Isis," or rather IACIS, the
  International Association of Computer Investigation Specialists.
  They're into "computer forensics," the techniques of picking
  computersystems apart without destroying vital evidence. IACIS,
  currently run out of Oregon, is comprised of investigators in the
  U.S., Canada, Taiwan and Ireland. "Taiwan and Ireland?" I said. Are
  *Taiwan* and *Ireland* really in the forefront of this stuff? Well
  not exactly, my informant admitted. They just happen to have been
  the first ones to have caught on by word of mouth. Still, the
  international angle counts, because this is obviously an
  international problem. Phone-lines go everywhere.
  There was a Mountie here from the Royal Canadian Mounted Police. He
  seemed to be having quite a good time. Nobody had flung this
  Canadian out because he might pose a foreign security risk. These
  are cyberspace cops. They still worry a lot about "jurisdictions,"
  but mere geography is the least of their troubles. NASA had failed
  to show. NASA suffers a lot from computer intrusions, in particular
  from Australian raiders and a well-trumpeted Chaos Computer Club
  case, and in 1990 there was a brief press flurry when it was
  revealed that one of NASA's Houston branch-exchanges had been
  systematically ripped off by a gang of phone-phreaks. But the NASA
  guys had had their funding cut. They were stripping everything.
  Air Force OSI, its Office of Special Investigations, is the *only*
  federal entity dedicated full-time to computer security. They'd been
  expected to show up in force, but some of them had cancelled -- a
  Pentagon budget pinch.
  As the empties piled up, the guys began joshing around and telling
  war- stories. "These are cops," Thackeray said tolerantly. "If
  they're not talking shop they talk about women and beer."
  I heard the story about the guy who, asked for "a copy" of a
  computer disk, *photocopied the label on it.* He put the floppy disk
  onto the glass plate of a photocopier. The blast of static when the
  copier worked completely erased all the real information on the
  disk.
  Some other poor souls threw a whole bag of confiscated diskettes
  into the squad-car trunk next to the police radio. The powerful
  radio signal blasted them, too. We heard a bit about Dave Geneson,
  the first computer prosecutor, a mainframe-runner in Dade County,
  turned lawyer. Dave Geneson was one guy who had hit the ground
  running, a signal virtue in making the transition to computer-crime.
  It was generally agreed that it was easier to learn the world of
  computers first, then police or prosecutorial work. You could take
  certain computer people and train 'em to successful police work -
  - but of course they had to have the *cop mentality.* They had to
  have street smarts. Patience. Persistence. And discretion. You've
  got to make sure they're not hotshots, show-offs, "cowboys."
  Most of the folks in the bar had backgrounds in military
  intelligence, or drugs, or homicide. It was rudely opined that
  "military intelligence" was a contradiction in terms, while even the
  grisly world of homicide was considered cleaner than drug
  enforcement. One guy had been 'way undercover doing dope- work in
  Europe for four years straight. "I'm almost recovered now," he said
  deadpan, with the acid black humor that is pure cop. "Hey, now I can
  say *fucker* without putting *mother* in front of it."
  "In the cop world," another guy said earnestly, "everything is good
  and bad, black and white. In the computer world everything is gray."
  One guy -- a founder of the FCIC, who'd been with the group since it
  was just the Colluquy -described his own introduction to the field.
  He'd been a Washington DC homicide guy called in on a "hacker" case.
  From the word "hacker," he naturally assumed he was on the trail of
  a knife-wielding marauder, and went to the computer center expecting
  blood and a body. When he finally figured out what was happening
  there (after loudly demanding, in vain, that the programmers "speak
  English"), he called headquarters and told them he was clueless
  about computers. They told him nobody else knew diddly either, and
  to get the hell back to work.
  So, he said, he had proceeded by comparisons. By analogy. By
  metaphor. "Somebody broke in to your computer, huh?" Breaking and
  entering; I can understand that. How'd he get in? "Over the
  phonelines." Harassing phone-calls, I can understand that! What we
  need here is a tap and a trace!
  It worked. It was better than nothing. And it worked a lot faster
  when he got hold of another cop who'd done something similar. And
  then the two of them got another, and another, and pretty soon the
  Colluquy was a happening thing. It helped a lot that everybody
  seemed to know Carlton Fitzpatrick, the data-processing trainer in
  Glynco.
  The ice broke big-time in Memphis in '86. The Colluquy had attracted
  a bunch of new guys -- Secret Service, FBI, military, other feds,
  heavy guys. Nobody wanted to tell anybody anything. They suspected
  that if word got back to the home office they'd all be fired. They
  passed an uncomfortably guarded afternoon.
  The formalities got them nowhere. But after the formal session was
  over, the organizers brought in a case of beer. As soon as the
  participants knocked it off with the bureaucratic ranks and turf-
  fighting, everything changed. "I bared my soul," one veteran
  reminisced proudly. By nightfall they were building pyramids of
  empty beer-cans and doing everything but composing a team fight
  song.
  FCIC were not the only computer-crime people around. There was DATTA
  (District Attorneys' Technology Theft Association), though they
  mostly specialized in chip theft, intellectual property, and black-
  market cases. There was HTCIA (High Tech Computer Investigators
  Association), also out in Silicon Valley, a year older than FCIC and
  featuring brilliant people like Donald Ingraham. There was LEETAC
  (Law Enforcement Electronic Technology Assistance Committee) in
  Florida, and computercrime units in Illinois and Maryland and Texas
  and Ohio and Colorado and Pennsylvania. But these were local groups.
  FCIC were the first to really network nationally and on a federal
  level.
  FCIC people live on the phone lines. Not on bulletin board systems -
  - they know very well what boards are, and they know that boards
  aren't secure. Everyone in the FCIC has a voice-phone bill like you
  wouldn't believe. FCIC people have been tight with the telco people
  for a long time. Telephone cyberspace is their native habitat.
  FCIC has three basic sub-tribes: the trainers, the security people,
  and the investigators. That's why it's called an "Investigations
  Committee" with no mention of the term "computer-crime" -- the
  dreaded "C-word." FCIC, officially, is "an association of agencies
  rather than individuals;" unofficially, this field is small enough
  that the influence of individuals and individual expertise is
  paramount. Attendance is by invitation only, and most everyone in
  FCIC considers himself a prophet without honor in his own house.
  Again and again I heard this, with different terms but identical
  sentiments. "I'd been sitting in the wilderness talking to myself."
  "I was totally isolated." "I was desperate." "FCIC is the best thing
  there is about computer crime in America." "FCIC is what really
  works." "This is where you hear real people telling you what's
  really happening out there, not just lawyers picking nits." "We
  taught each other everything we knew."
  The sincerity of these statements convinces me that this is true.
  FCIC is the real thing and it is invaluable. It's also very sharply
  at odds with the rest of the traditions and power structure in
  American law enforcement. There probably hasn't been anything around
  as loose and go-getting as the FCIC since the start of the U.S.
  Secret Service in the 1860s. FCIC people are living like twenty-
  firstcentury people in a twentieth-century environment, and while
  there's a great deal to be said for that, there's also a great deal
  to be said against it, and those against it happen to control the
  budgets. I listened to two FCIC guys from Jersey compare life
  histories. One of them had been a biker in a fairly heavy- duty gang
  in the 1960s. "Oh, did you know so-and-so?" said the other guy from
  Jersey. "Big guy, heavyset?"
  "Yeah, I knew him."
  "Yeah, he was one of ours. He was our plant in the gang."
  "Really? Wow! Yeah, I knew him. Helluva guy."
  Thackeray reminisced at length about being tear-gassed blind in the
  November 1969 antiwar protests in Washington Circle, covering them
  for her college paper. "Oh yeah, I was there," said another cop.
  "Glad to hear that tear gas hit somethin'. Haw haw haw." He'd been
  so blind himself, he confessed, that later that day he'd arrested a
  small tree.
  FCIC are an odd group, sifted out by coincidence and necessity, and
  turned into a new kind of cop. There are a lot of specialized cops
  in the world -- your bunco guys, your drug guys, your tax guys, but
  the only group that matches FCIC for sheer isolation are probably
  the child-pornography people. Because they both deal with
  conspirators who are desperate to exchange forbidden data and also
  desperate to hide; and because nobody else in law enforcement even
  wants to hear about it.
  FCIC people tend to change jobs a lot. They tend not to get the
  equipment and training they want and need. And they tend to get sued
  quite often.
  As the night wore on and a band set up in the bar, the talk grew
  darker. Nothing ever gets done in government, someone opined, until
  there's a *disaster.* Computing disasters are awful, but there's no
  denying that they greatly help the credibility of FCIC people. The
  Internet Worm, for instance. "For years we'd been warning about that
  -but it's nothing compared to what's coming." They expect horrors,
  these people. They know that nothing will really get done until
  there is a horror.

                                   6.
  Next day we heard an extensive briefing from a guy who'd been a
  computer cop, gotten into hot water with an Arizona city council,
  and now installed computer networks for a living (at a considerable
  rise in pay). He talked about pulling fiber-optic networks apart.
  Even a single computer, with enough peripherals, is a literal
  "network" -- a bunch of machines all cabled together, generally with
  a complexity that puts stereo units to shame. FCIC people invent and
  publicize methods of seizing computers and maintaining their
  evidence. Simple things, sometimes, but vital rules of thumb for
  street cops, who nowadays often stumble across a busy computer in
  the midst of a drug investigation or a white-collar bust. For
  instance: Photograph the system before you touch it. Label the ends
  of all the cables before you detach anything. "Park" the heads on
  the disk drives before you move them. Get the diskettes. Don't put
  the diskettes in magnetic fields. Don't write on diskettes with
  ballpoint pens. Get the manuals. Get the printouts. Get the
  handwritten notes. Copy data before you look at it, and then examine
  the copy instead of the original. Now our lecturer distributed
  copied diagrams of a typical LAN or "Local Area Network", which
  happened to be out of Connecticut. *One hundred and fifty-nine*
  desktop computers, each with its own peripherals. Three "file
  servers." Five "star couplers" each with thirty-two ports. One
  sixteenport coupler off in the corner office. All these machines
  talking to each other, distributing electronic mail, distributing
  software, distributing, quite possibly, criminal evidence. All
  linked by highcapacity fiber- optic cable. A bad guy -- cops talk a
  lot about "bad guys" -- might be lurking on PC #47 or #123 and
  distributing his ill doings onto some dupe's "personal" machine in
  another office -- or another floor -- or, quite possibly, two or
  three miles away! Or, conceivably, the evidence might be "data-
  striped" -- split up into meaningless slivers stored, one by one, on
  a whole crowd of different disk drives.
  The lecturer challenged us for solutions. I for one was utterly
  clueless. As far as I could figure, the Cossacks were at the gate;
  there were probably more disks in this single building than were
  seized during the entirety of Operation Sundevil.
  "Inside informant," somebody said. Right. There's always the human
  angle, something easy to forget when contemplating the arcane
  recesses of high technology. Cops are skilled at getting people to
  talk, and computer people, given a chair and some sustained
  attention, will talk about their computers till their throats go
  raw. There's a case on record of a single question -- "How'd you do
  it?" -eliciting a forty-five-minute videotaped confession from a
  computer criminal who not only completely incriminated himself but
  drew helpful diagrams.
  Computer people talk. Hackers *brag.* Phonephreaks talk
  *pathologically* -- why else are they stealing phone-codes, if not
  to natter for ten hours straight to their friends on an opposite
  seaboard? Computer-literate people do in fact possess an arsenal of
  nifty gadgets and techniques that would allow them to conceal all
  kinds of exotic skullduggery, and if they could only *shut up* about
  it, they could probably get away with all manner of amazing
  information-crimes. But that's just not how it works -- or at least,
  that's not how it's worked *so far.*
  Most every phone-phreak ever busted has swiftly implicated his
  mentors, his disciples, and his friends. Most every white-collar
  computer-criminal, smugly convinced that his clever scheme is
  bulletproof, swiftly learns otherwise when, for the first time in
  his life, an actual no-kidding policeman leans over, grabs the front
  of his shirt, looks him right in the eye and says: "All right,
  *asshole* -- you and me are going downtown!" All the hardware in the
  world will not insulate your nerves from these actual real-life
  sensations of terror and guilt.
  Cops know ways to get from point A to point Z without thumbing
  through every letter in some smart-ass bad-guy's alphabet. Cops know
  how to cut to the chase. Cops know a lot of things other people
  don't know.
  Hackers know a lot of things other people don't know, too. Hackers
  know, for instance, how to sneak into your computer through the
  phone-lines. But cops can show up *right on your doorstep* and carry
  off *you* and your computer in separate steel boxes. A cop
  interested in hackers can grab them and grill them. A hacker
  interested in cops has to depend on hearsay, underground legends,
  and what cops are willing to publicly reveal. And the Secret Service
  didn't get named "the *Secret* Service" because they blab a lot.
  Some people, our lecturer informed us, were under the mistaken
  impression that it was "impossible" to tap a fiber-optic line. Well,
  he announced, he and his son had just whipped up a fiber-optic tap
  in his workshop at home. He passed it around the audience, along
  with a circuit-covered LAN plug-in card so we'd all recognize one if
  we saw it on a case. We all had a look.
  The tap was a classic "Goofy Prototype" -- a thumb-length rounded
  metal cylinder with a pair of plastic brackets on it. From one end
  dangled three thin black cables, each of which ended in a tiny black
  plastic cap. When you plucked the safety-cap off the end of a cable,
  you could see the glass fiber - no thicker than a pinhole.
  Our lecturer informed us that the metal cylinder was a "wavelength
  division multiplexer." Apparently, what one did was to cut the
  fiber-optic cable, insert two of the legs into the cut to complete
  the network again, and then read any passing data on the line by
  hooking up the third leg to some kind of monitor. Sounded simple
  enough. I wondered why nobody had thought of it before. I also
  wondered whether this guy's son back at the workshop had any teenage
  friends.
  We had a break. The guy sitting next to me was wearing a giveaway
  baseball cap advertising the Uzi submachine gun. We had a desultory
  chat about the merits of Uzis. Long a favorite of the Secret
  Service, it seems Uzis went out of fashion with the advent of the
  Persian Gulf War, our Arab allies taking some offense at Americans
  toting Israeli weapons. Besides, I was informed by another expert,
  Uzis jam. The equivalent weapon of choice today is the Heckler &
  Koch, manufactured in Germany.
  The guy with the Uzi cap was a forensic photographer. He also did a
  lot of photographic surveillance work in computer crime cases. He
  used to, that is, until the firings in Phoenix. He was now a private
  investigator and, with his wife, ran a photography salon
  specializing in weddings and portrait photos. At - - one must repeat
  -- a considerable rise in income. He was still FCIC. If you were
  FCIC, and you needed to talk to an expert about forensic
  photography, well, there he was, willing and able. If he hadn't
  shown up, people would have missed him.
  Our lecturer had raised the point that preliminary investigation of
  a computer system is vital before any seizure is undertaken. It's
  vital to understand how many machines are in there, what kinds there
  are, what kind of operating system they use, how many people use
  them, where the actual data itself is stored. To simply barge into
  an office demanding "all the computers" is a recipe for swift
  disaster.
  This entails some discreet inquiries beforehand. In fact, what it
  entails is basically undercover work. An intelligence operation.
  *Spying,* not to put too fine a point on it.
  In a chat after the lecture, I asked an attendee whether "trashing"
  might work.
  I received a swift briefing on the theory and practice of "trash
  covers." Police "trash covers," like "mail covers" or like wiretaps,
  require the agreement of a judge. This obtained, the "trashing" work
  of cops is just like that of hackers, only more so and much better
  organized. So much so, I was informed, that mobsters in Phoenix make
  extensive use of locked garbage cans picked up by a specialty high-
  security trash company.
  In one case, a tiger team of Arizona cops had trashed a local
  residence for four months. Every week they showed up on the
  municipal garbage truck, disguised as garbagemen, and carried the
  contents of the suspect cans off to a shade tree, where they combed
  through the garbage -- a messy task, especially considering that one
  of the occupants was undergoing kidney dialysis. All useful
  documents were cleaned, dried and examined. A discarded typewriter-
  ribbon was an especially valuable source of data, as its long
  onestrike ribbon of film contained the contents of every letter
  mailed out of the house. The letters were neatly retyped by a police
  secretary equipped with a large desk-mounted magnifying glass.
  There is something weirdly disquieting about the whole subject of
  "trashing" -- an unsuspected and indeed rather disgusting mode of
  deep personal vulnerability. Things that we pass by every day, that
  we take utterly for granted, can be exploited with so little work.
  Once discovered, the knowledge of these vulnerabilities tend to
  spread.
  Take the lowly subject of *manhole covers.* The humble manhole cover
  reproduces many of the dilemmas of computer-security in miniature.
  Manhole covers are, of course, technological artifacts, access-
  points to our buried urban infrastructure. To the vast majority of
  us, manhole covers are invisible. They are also vulnerable. For many
  years now, the Secret Service has made a point of caulking manhole
  covers along all routes of the Presidential motorcade. This is, of
  course, to deter terrorists from leaping out of underground ambush
  or, more likely, planting remote-control carsmashing bombs beneath
  the street.
  Lately, manhole covers have seen more and more criminal
  exploitation, especially in New York City. Recently, a telco in New
  York City discovered that a cable television service had been
  sneaking into telco manholes and installing cable service alongside
  the phone-lines -- *without paying royalties.* New York companies
  have also suffered a general plague of (a) underground copper cable
  theft; (b) dumping of garbage, including toxic waste, and (c) hasty
  dumping of murder victims.
  Industry complaints reached the ears of an innovative New England
  industrial-security company, and the result was a new product known
  as "the Intimidator," a thick titanium-steel bolt with a precisely
  machined head that requires a special device to unscrew. All these
  "keys" have registered serial numbers kept on file with the
  manufacturer. There are now some thousands of these "Intimidator"
  bolts being sunk into American pavements wherever our President
  passes, like some macabre parody of strewn roses. They are also
  spreading as fast as steel dandelions around US military bases and
  many centers of private industry.
  Quite likely it has never occurred to you to peer under a manhole
  cover, perhaps climb down and walk around down there with a
  flashlight, just to see what it's like. Formally speaking, this
  might be trespassing, but if you didn't hurt anything, and didn't
  make an absolute habit of it, nobody would really care. The freedom
  to sneak under manholes was likely a freedom you never intended to
  exercise.
  You now are rather less likely to have that freedom at all. You may
  never even have missed it until you read about it here, but if
  you're in New York City it's gone, and elsewhere it's likely going.
  This is one of the things that crime, and the reaction to crime,
  does to us.
  The tenor of the meeting now changed as the Electronic Frontier
  Foundation arrived. The EFF, whose personnel and history will be
  examined in detail in the next chapter, are a pioneering civil
  liberties group who arose in direct response to the Hacker Crackdown
  of 1990.
  Now Mitchell Kapor, the Foundation's president, and Michael Godwin,
  its chief attorney, were confronting federal law enforcement *mano a
  mano* for the first time ever. Ever alert to the manifold uses of
  publicity, Mitch Kapor and Mike Godwin had brought their own
  journalist in tow: Robert Draper, from Austin, whose recent
  wellreceived book about ROLLING STONE magazine was still on the
  stands. Draper was on assignment for TEXAS MONTHLY.
  The Steve Jackson/EFF civil lawsuit against the Chicago Computer
  Fraud and Abuse Task Force was a matter of considerable regional
  interest in Texas. There were now two Austinite journalists here on
  the case. In fact, counting Godwin (a former Austinite and former
  journalist) there were three of us. Lunch was like Old Home Week.
  Later, I took Draper up to my hotel room. We had a long frank talk
  about the case, networking earnestly like a miniature freelance-
  journo version of the FCIC: privately confessing the numerous
  blunders of journalists covering the story, and trying hard to
  figure out who was who and what the hell was really going on out
  there. I showed Draper everything I had dug out of the Hilton
  trashcan. We pondered the ethics of "trashing" for a while, and
  agreed that they were dismal. We also agreed that finding a SPRINT
  bill on your first time out was a heck of a coincidence.
  First I'd "trashed" -- and now, mere hours later, I'd bragged to
  someone else. Having entered the lifestyle of hackerdom, I was now,
  unsurprisingly, following its logic. Having discovered something
  remarkable through a surreptitious action, I of course *had* to
  "brag," and to drag the passing Draper into my iniquities. I felt I
  needed a witness. Otherwise nobody would have believed what I'd
  discovered....
  Back at the meeting, Thackeray cordially, if rather tentatively,
  introduced Kapor and Godwin to her colleagues. Papers were
  distributed. Kapor took center stage. The brilliant Bostonian high-
  tech entrepreneur, normally the hawk in his own administration and
  quite an effective public speaker, seemed visibly nervous, and
  frankly admitted as much. He began by saying he consided computer-
  intrusion to be morally wrong, and that the EFF was not a "hacker
  defense fund," despite what had appeared in print. Kapor chatted a
  bit about the basic motivations of his group, emphasizing their good
  faith and willingness to listen and seek common ground with law
  enforcement -- when, er, possible.
  Then, at Godwin's urging, Kapor suddenly remarked that EFF's own
  Internet machine had been "hacked" recently, and that EFF did not
  consider this incident amusing.
  After this surprising confession, things began to loosen up quite
  rapidly. Soon Kapor was fielding questions, parrying objections,
  challenging definitions, and juggling paradigms with something akin
  to his usual gusto.
  Kapor seemed to score quite an effect with his shrewd and skeptical
  analysis of the merits of telco "Caller-ID" services. (On this
  topic, FCIC and EFF have never been at loggerheads, and have no
  particular established earthworks to defend.) Caller-ID has
  generally been promoted as a privacy service for consumers, a
  presentation Kapor described as a "smokescreen," the real point of
  Caller-ID being to *allow corporate customers to build extensive
  commercial databases on everybody who phones or faxes them.*
  Clearly, few people in the room had considered this possibility,
  except perhaps for two late- arrivals from US WEST RBOC security,
  who chuckled nervously.
  Mike Godwin then made an extensive presentation on "Civil Liberties
  Implications of Computer Searches and Seizures." Now, at last, we
  were getting to the real nitty-gritty here, real political horse-
  trading. The audience listened with close attention, angry mutters
  rising occasionally: "He's trying to teach us our jobs!" "We've been
  thinking about this for years! We think about these issues every
  day!" "If I didn't seize the works, I'd be sued by the guy's
  victims!" "I'm violating the law if I leave ten thousand disks full
  of illegal *pirated software* and *stolen codes!*" "It's our job to
  make sure people don't trash the Constitution -- we're the
  *defenders* of the Constitution!" "We seize stuff when we know it
  will be forfeited anyway as restitution for the victim!"
  "If it's forfeitable, then don't get a search warrant, get a
  forfeiture warrant," Godwin suggested coolly. He further remarked
  that most suspects in computer crime don't *want* to see their
  computers vanish out the door, headed God knew where, for who knows
  how long. They might not mind a search, even an extensive search,
  but they want their machines searched on-site. "Are they gonna feed
  us?" somebody asked sourly. "How about if you take copies of the
  data?" Godwin parried.
  "That'll never stand up in court." "Okay, you make copies, give
  *them* the copies, and take the originals."
  Hmmm.
  Godwin championed bulletin-board systems as repositories of First
  Amendment protected free speech. He complained that federal
  computercrime training manuals gave boards a bad press, suggesting
  that they are hotbeds of crime haunted by pedophiles and crooks,
  whereas the vast majority of the nation's thousands of boards are
  completely innocuous, and nowhere near so romantically suspicious.
  People who run boards violently resent it when their systems are
  seized, and their dozens (or hundreds) of users look on in abject
  horror. Their rights of free expression are cut short. Their right
  to associate with other people is infringed. And their privacy is
  violated as their private electronic mail becomes police property.
  Not a soul spoke up to defend the practice of seizing boards. The
  issue passed in chastened silence. Legal principles aside -- (and
  those principles cannot be settled without laws passed or court
  precedents) -- seizing bulletin boards has become public-relations
  poison for American computer police.
  And anyway, it's not entirely necessary. If you're a cop, you can
  get 'most everything you need from a pirate board, just by using an
  inside informant. Plenty of vigilantes -- well, *concerned citizens*
  -will inform police the moment they see a pirate board hit their
  area (and will tell the police all about it, in such technical
  detail, actually, that you kinda wish they'd shut up). They will
  happily supply police with extensive downloads or printouts. It's
  *impossible* to keep this fluid electronic information out of the
  hands of police. Some people in the electronic community become
  enraged at the prospect of cops "monitoring" bulletin boards. This
  does have touchy aspects, as Secret Service people in particular
  examine bulletin boards with some regularity. But to expect
  electronic police to be deaf dumb and blind in regard to this
  particular medium rather flies in the face of common sense. Police
  watch television, listen to radio, read newspapers and magazines;
  why should the new medium of boards be different? Cops can exercise
  the same access to electronic information as everybody else. As we
  have seen, quite a few computer police maintain *their own* bulletin
  boards, including anti-hacker "sting" boards, which have generally
  proven quite effective.
  As a final clincher, their Mountie friends in Canada (and colleagues
  in Ireland and Taiwan) don't have First Amendment or American
  constitutional restrictions, but they do have phone lines, and can
  call any bulletin board in America whenever they please. The same
  technological determinants that play into the hands of hackers,
  phone phreaks and software pirates can play into the hands of
  police. "Technological determinants" don't have *any* human
  allegiances. They're not black or white, or Establishment or
  Underground, or pro-or-anti anything.
  Godwin complained at length about what he called "the Clever
  Hobbyist hypothesis" -- the assumption that the "hacker" you're
  busting is clearly a technical genius, and must therefore by
  searched with extreme thoroughness. So: from the law's point of
  view, why risk missing anything? Take the works. Take the guy's
  computer. Take his books. Take his notebooks. Take the electronic
  drafts of his love letters. Take his Walkman. Take his wife's
  computer. Take his dad's computer. Take his kid sister's computer.
  Take his employer's computer. Take his compact disks -- they *might*
  be CD-ROM disks, cunningly disguised as pop music. Take his laser
  printer -- he might have hidden something vital in the printer's
  5meg of memory. Take his software manuals and hardware
  documentation. Take his science-fiction novels and his
  simulationgaming books. Take his Nintendo Game-Boy and his Pac-Man
  arcade game. Take his answering machine, take his telephone out of
  the wall. Take anything remotely suspicious.
  Godwin pointed out that most "hackers" are not, in fact, clever
  genius hobbyists. Quite a few are crooks and grifters who don't have
  much in the way of technical sophistication; just some rule-of-thumb
  rip-off techniques. The same goes for most fifteenyear-olds who've
  downloaded a code-scanning program from a pirate board. There's no
  real need to seize everything in sight. It doesn't require an entire
  computer system and ten thousand disks to prove a case in court.
  What if the computer is the instrumentality of a crime? someone
  demanded.
  Godwin admitted quietly that the doctrine of seizing the
  instrumentality of a crime was pretty well established in the
  American legal system. The meeting broke up. Godwin and Kapor had to
  leave. Kapor was testifying next morning before the Massachusetts
  Department Of Public Utility, about ISDN narrowband wide-area
  networking.
  As soon as they were gone, Thackeray seemed elated. She had taken a
  great risk with this. Her colleagues had not, in fact, torn Kapor
  and Godwin's heads off. She was very proud of them, and told them
  so.
  "Did you hear what Godwin said about *instrumentality of a crime?*"
  she exulted, to nobody in particular. "Wow, that means *Mitch isn't
  going to sue me."

                                   7.
  America's computer police are an interesting group. As a social
  phenomenon they are far more interesting, and far more important,
  than teenage phone phreaks and computer hackers. First, they're
  older and wiser; not dizzy hobbyists with leaky morals, but seasoned
  adult professionals with all the responsibilities of public service.
  And, unlike hackers, they possess not merely *technical* power
  alone, but heavy-duty legal and social authority.
  And, very interestingly, they are just as much at sea in cyberspace
  as everyone else. They are not happy about this. Police are
  authoritarian by nature, and prefer to obey rules and precedents.
  (Even those police who secretly enjoy a fast ride in rough territory
  will soberly disclaim any "cowboy" attitude.) But in cyberspace
  there *are* no rules and precedents. They are groundbreaking
  pioneers, Cyberspace Rangers, whether they like it or not.
  In my opinion, any teenager enthralled by computers, fascinated by
  the ins and outs of computer security, and attracted by the lure of
  specialized forms of knowledge and power, would do well to forget
  all about "hacking" and set his (or her) sights on becoming a fed.
  Feds can trump hackers at almost every single thing hackers do,
  including gathering intelligence, undercover disguise, trashing,
  phone-tapping, building dossiers, networking, and infiltrating
  computer systems -*criminal* computer systems. Secret Service agents
  know more about phreaking, coding and carding than most phreaks can
  find out in years, and when it comes to viruses, break-ins, software
  bombs and trojan horses, Feds have direct access to red-hot
  confidential information that is only vague rumor in the
  underground.
  And if it's an impressive public rep you're after, there are few
  people in the world who can be so chillingly impressive as a well-
  trained, well-armed United States Secret Service agent. Of course, a
  few personal sacrifices are necessary in order to obtain that power
  and knowledge. First, you'll have the galling discipline of
  belonging to a large organization; but the world of computer crime
  is still so small, and so amazingly fast-moving, that it will remain
  spectacularly fluid for years to come. The second sacrifice is that
  you'll have to give up ripping people off. This is not a great loss.
  Abstaining from the use of illegal drugs, also necessary, will be a
  boon to your health.
  A career in computer security is not a bad choice for a young man or
  woman today. The field will almost certainly expand drastically in
  years to come. If you are a teenager today, by the time you become a
  professional, the pioneers you have read about in this book will be
  the grand old men and women of the field, swamped by their many
  disciples and successors. Of course, some of them, like William P.
  Wood of the 1865 Secret Service, may well be mangled in the whirring
  machinery of legal controversy; but by the time you enter the
  computer-crime field, it may have stabilized somewhat, while
  remaining entertainingly challenging.
  But you can't just have a badge. You have to win it. First, there's
  the federal law enforcement training. And it's hard -- it's a
  challenge. A real challenge -- not for wimps and rodents.
  Every Secret Service agent must complete gruelling courses at the
  Federal Law Enforcement Training Center. (In fact, Secret Service
  agents are periodically re-trained during their entire careers.) In
  order to get a glimpse of what this might be like, I myself
  travelled to FLETC.

                                   8.
  The Federal Law Enforcement Training Center is a 1500-acre facility
  on Georgia's Atlantic coast. It's a milieu of marshgrass, seabirds,
  damp, clinging sea-breezes, palmettos, mosquitos, and bats. Until
  1974, it was a Navy Air Base, and still features a working runway,
  and some WWII vintage blockhouses and officers' quarters. The Center
  has since benefitted by a forty-million-dollar retrofit, but there's
  still enough forest and swamp on the facility for the Border Patrol
  to put in tracking practice.
  As a town, "Glynco" scarcely exists. The nearest real town is
  Brunswick, a few miles down Highway 17, where I stayed at the aptly
  named Marshview Holiday Inn. I had Sunday dinner at a seafood
  restaurant called "Jinright's," where I feasted on deep-fried
  alligator tail. This local favorite was a heaped basket of bite-
  sized chunks of white, tender, almost fluffy reptile meat, steaming
  in a peppered batter crust. Alligator makes a culinary experience
  that's hard to forget, especially when liberally basted with
  homemade cocktail sauce from a Jinright squeeze-bottle.
  The crowded clientele were tourists, fishermen, local black folks in
  their Sunday best, and white Georgian locals who all seemed to bear
  an uncanny resemblance to Georgia humorist Lewis Grizzard. The 2,400
  students from 75 federal agencies who make up the FLETC population
  scarcely seem to make a dent in the low-key local scene. The
  students look like tourists, and the teachers seem to have taken on
  much of the relaxed air of the Deep South. My host was Mr. Carlton
  Fitzpatrick, the Program Coordinator of the Financial Fraud
  Institute. Carlton Fitzpatrick is a mustached, sinewy, well-tanned
  Alabama native somewhere near his late forties, with a fondness for
  chewing tobacco, powerful computers, and salty, down-home homilies.
  We'd met before, at FCIC in Arizona.
  The Financial Fraud Institute is one of the nine divisions at FLETC.
  Besides Financial Fraud, there's Driver & Marine, Firearms, and
  Physical Training. These are specialized pursuits. There are also
  five general training divisions: Basic Training, Operations,
  Enforcement Techniques, Legal Division, and Behavioral Science.
  Somewhere in this curriculum is everything necessary to turn green
  college graduates into federal agents. First they're given ID cards.
  Then they get the rather miserable-looking blue coveralls known as
  "smurf suits." The trainees are assigned a barracks and a cafeteria,
  and immediately set on FLETC's bone- grinding physical training
  routine. Besides the obligatory daily jogging -- (the trainers run
  up danger flags beside the track when the humidity rises high enough
  to threaten heat stroke) - there's the Nautilus machines, the
  martial arts, the survival skills....
  The eighteen federal agencies who maintain onsite academies at FLETC
  employ a wide variety of specialized law enforcement units, some of
  them rather arcane. There's Border Patrol, IRS Criminal
  Investigation Division, Park Service, Fish and Wildlife, Customs,
  Immigration, Secret Service and the Treasury's uniformed
  subdivisions.... If you're a federal cop and you don't work for the
  FBI, you train at FLETC. This includes people as apparently obscure
  as the agents of the Railroad Retirement Board Inspector General. Or
  the Tennessee Valley Authority Police, who are in fact federal
  police officers, and can and do arrest criminals on the federal
  property of the Tennessee Valley Authority.
  And then there are the computer-crime people. All sorts, all
  backgrounds. Mr. Fitzpatrick is not jealous of his specialized
  knowledge. Cops all over, in every branch of service, may feel a
  need to learn what he can teach. Backgrounds don't matter much.
  Fitzpatrick himself was originally a Border Patrol veteran, then
  became a Border Patrol instructor at FLETC. His Spanish is still
  fluent -- but he found himself strangely fascinated when the first
  computers showed up at the Training Center. Fitzpatrick did have a
  background in electrical engineering, and though he never considered
  himself a computer hacker, he somehow found himself writing useful
  little programs for this new and promising gizmo.
  He began looking into the general subject of computers and crime,
  reading Donn Parker's books and articles, keeping an ear cocked for
  war stories, useful insights from the field, the up-and-coming
  people of the local computer- crime and hightechnology units....
  Soon he got a reputation around FLETC as the resident "computer
  expert," and that reputation alone brought him more exposure, more
  experience -- until one day he looked around, and sure enough he
  *was* a federal computer-crime expert.
  In fact, this unassuming, genial man may be *the* federal computer-
  crime expert. There are plenty of very good computer people, and
  plenty of very good federal investigators, but the area where these
  worlds of expertise overlap is very slim. And Carlton Fitzpatrick
  has been right at the center of that since 1985, the first year of
  the Colluquy, a group which owes much to his influence.
  He seems quite at home in his modest, acoustic-tiled office, with
  its Ansel Adams-style Western photographic art, a gold-framed Senior
  Instructor Certificate, and a towering bookcase crammed with three-
  ring binders with ominous titles such as *Datapro Reports on
  Information Security* and *CFCA Telecom Security '90.*
  The phone rings every ten minutes; colleagues show up at the door to
  chat about new developments in locksmithing or to shake their heads
  over the latest dismal developments in the BCCI global banking
  scandal.
  Carlton Fitzpatrick is a fount of computer-crime war-stories,
  related in an acerbic drawl. He tells me the colorful tale of a
  hacker caught in California some years back. He'd been raiding
  systems, typing code without a detectable break, for twenty, twenty-
  four, thirty-six hours straight. Not just logged on -- *typing.*
  Investigators were baffled. Nobody could do that. Didn't he have to
  go to the bathroom? Was it some kind of automatic keyboard-whacking
  device that could actually type code?
  A raid on the suspect's home revealed a situation of astonishing
  squalor. The hacker turned out to be a Pakistani computer-science
  student who had flunked out of a California university. He'd gone
  completely underground as an illegal electronic immigrant, and was
  selling stolen phoneservice to stay alive. The place was not merely
  messy and dirty, but in a state of psychotic disorder. Powered by
  some weird mix of culture shock, computer addiction, and
  amphetamines, the suspect had in fact been sitting in front of his
  computer for a day and a half straight, with snacks and drugs at
  hand on the edge of his desk and a chamber-pot under his chair.
  Word about stuff like this gets around in the hacker-tracker
  community.
  Carlton Fitzpatrick takes me for a guided tour by car around the
  FLETC grounds. One of our first sights is the biggest indoor firing
  range in the world. There are federal trainees in there, Fitzpatrick
  assures me politely, blasting away with a wide variety of automatic
  weapons: Uzis, Glocks, AK-47s.... He's willing to take me inside. I
  tell him I'm sure that's really interesting, but I'd rather see his
  computers. Carlton Fitzpatrick seems quite surprised and pleased.
  I'm apparently the first journalist he's ever seen who has turned
  down the shooting gallery in favor of microchips.
  Our next stop is a favorite with touring Congressmen: the three-mile
  long FLETC driving range. Here trainees of the Driver & Marine
  Division are taught high-speed pursuit skills, setting and breaking
  road-blocks, diplomatic security driving for VIP limousines.... A
  favorite FLETC pastime is to strap a passing Senator into the
  passenger seat beside a Driver & Marine trainer, hit a hundred miles
  an hour, then take it right into "the skid-pan," a section of
  greased track where two tons of Detroit iron can whip and spin like
  a hockey puck.
  Cars don't fare well at FLETC. First they're rifled again and again
  for search practice. Then they do 25,000 miles of high-speed pursuit
  training; they get about seventy miles per set of steel-belted
  radials. Then it's off to the skid pan, where sometimes they roll
  and tumble headlong in the grease. When they're sufficiently grease-
  stained, dented, and creaky, they're sent to the roadblock unit,
  where they're battered without pity. And finally then they're
  sacrificed to the Bureau of Alcohol, Tobacco and Firearms, whose
  trainees learn the ins and outs of car-bomb work by blowing them
  into smoking wreckage.
  There's a railroad box-car on the FLETC grounds, and a large
  grounded boat, and a propless plane; all training-grounds for
  searches. The plane sits forlornly on a patch of weedy tarmac next
  to an eerie blockhouse known as the "ninja compound," where anti-
  terrorism specialists practice hostage rescues. As I gaze on this
  creepy paragon of modern low-intensity warfare, my nerves are
  jangled by a sudden staccato outburst of automatic weapons fire,
  somewhere in the woods to my right. "Ninemillimeter," Fitzpatrick
  judges calmly.
  Even the eldritch ninja compound pales somewhat compared to the
  truly surreal area known as "the raid-houses." This is a street
  lined on both sides with nondescript concrete-block houses with flat
  pebbled roofs. They were once officers' quarters. Now they are
  training grounds. The first one to our left, Fitzpatrick tells me,
  has been specially adapted for computer search-and-seizure practice.
  Inside it has been wired for video from top to bottom, with eighteen
  pan-and-tilt remotely controlled videocams mounted on walls and in
  corners. Every movement of the trainee agent is recorded live by
  teachers, for later taped analysis. Wasted movements, hesitations,
  possibly lethal tactical mistakes -- all are gone over in detail.
  Perhaps the weirdest single aspect of this building is its front
  door, scarred and scuffed all along the bottom, from the repeated
  impact, day after day, of federal shoe-leather.
  Down at the far end of the row of raid-houses some people are
  practicing a murder. We drive by slowly as some very young and
  rather nervouslooking federal trainees interview a heavyset bald man
  on the raid-house lawn. Dealing with murder takes a lot of practice;
  first you have to learn to control your own instinctive disgust and
  panic, then you have to learn to control the reactions of a
  nerveshredded crowd of civilians, some of whom may have just lost a
  loved one, some of whom may be murderers -- quite possibly both at
  once.
  A dummy plays the corpse. The roles of the bereaved, the morbidly
  curious, and the homicidal are played, for pay, by local Georgians:
  waitresses, musicians, most anybody who needs to moonlight and can
  learn a script. These people, some of whom are FLETC regulars year
  after year, must surely have one of the strangest jobs in the world.
  Something about the scene: "normal" people in a weird situation,
  standing around talking in bright Georgia sunshine, unsuccessfully
  pretending that something dreadful has gone on, while a dummy lies
  inside on faked bloodstains.... While behind this weird masquerade,
  like a nested set of Russian dolls, are grim future realities of
  real death, real violence, real murders of real people, that these
  young agents will really investigate, many times during their
  careers.... Over and over.... Will those anticipated murders look
  like this, feel like this -- not as "real" as these amateur actors
  are trying to make it seem, but both as "real," and as numbingly
  unreal, as watching fake people standing around on a fake lawn?
  Something about this scene unhinges me. It seems nightmarish to me,
  Kafkaesque. I simply don't know how to take it; my head is turned
  around; I don't know whether to laugh, cry, or just shudder.
  When the tour is over, Carlton Fitzpatrick and I talk about
  computers. For the first time cyberspace seems like quite a
  comfortable place. It seems very real to me suddenly, a place where
  I know what I'm talking about, a place I'm used to. It's real.
  "Real." Whatever.
  Carlton Fitzpatrick is the only person I've met in cyberspace
  circles who is happy with his present equipment. He's got a 5 Meg
  RAM PC with a 112 meg hard disk; a 660 meg's on the way. He's got a
  Compaq 386 desktop, and a Zenith 386 laptop with 120 meg. Down the
  hall is a NEC Multi-Sync 2A with a CD-ROM drive and a 9600 baud
  modem with four com-lines. There's a training minicomputer, and a
  10-meg local mini just for the Center, and a lab-full of student PC
  clones and half-a-dozen Macs or so. There's a Data General MV 2500
  with 8 meg on board and a 370 meg disk.
  Fitzpatrick plans to run a UNIX board on the Data General when he's
  finished beta-testing the software for it, which he wrote himself.
  It'll have E- mail features, massive files on all manner of
  computer-crime and investigation procedures, and will follow the
  computer-security specifics of the Department of Defense "Orange
  Book." He thinks it will be the biggest BBS in the federal
  government. Will it have *Phrack* on it? I ask wryly.
  Sure, he tells me. *Phrack,* *TAP,* *Computer Underground Digest,*
  all that stuff. With proper disclaimers, of course.
  I ask him if he plans to be the sysop. Running a system that size is
  very time-consuming, and Fitzpatrick teaches two three-hour courses
  every day.
  No, he says seriously, FLETC has to get its money worth out of the
  instructors. He thinks he can get a local volunteer to do it, a
  high-school student. He says a bit more, something I think about an
  Eagle Scout law-enforcement liaison program, but my mind has
  rocketed off in disbelief.
  "You're going to put a *teenager* in charge of a federal security
  BBS?" I'm speechless. It hasn't escaped my notice that the FLETC
  Financial Fraud Institute is the *ultimate* hacker-trashing target;
  there is stuff in here, stuff of such utter and consummate cool by
  every standard of the digital underground.... I imagine the hackers
  of my acquaintance, fainting dead-away from forbidden- knowledge
  greed-fits, at the mere prospect of cracking the superultra top-
  secret computers used to train the Secret Service in computer-
  crime....
  "Uhm, Carlton," I babble, "I'm sure he's a really nice kid and all,
  but that's a terrible temptation to set in front of somebody who's,
  you know, into computers and just starting out..."
  "Yeah," he says, "that did occur to me." For the first time I begin
  to suspect that he's pulling my leg.
  He seems proudest when he shows me an ongoing project called JICC,
  Joint Intelligence Control Council. It's based on the services
  provided by EPIC, the El Paso Intelligence Center, which supplies
  data and intelligence to the Drug Enforcement Administration, the
  Customs Service, the Coast Guard, and the state police of the four
  southern border states. Certain EPIC files can now be accessed by
  drug-enforcement police of Central America, South America and the
  Caribbean, who can also trade information among themselves. Using a
  telecom program called "White Hat," written by two brothers named
  Lopez from the Dominican Republic, police can now network
  internationally on inexpensive PCs. Carlton Fitzpatrick is teaching
  a class of drug-war agents from the Third World, and he's very proud
  of their progress. Perhaps soon the sophisticated smuggling networks
  of the Medellin Cartel will be matched by a sophisticated computer
  network of the Medellin Cartel's sworn enemies. They'll track boats,
  track contraband, track the international drug-lords who now leap
  over borders with great ease, defeating the police through the
  clever use of fragmented national jurisdictions.
  JICC and EPIC must remain beyond the scope of this book. They seem
  to me to be very large topics fraught with complications that I am
  not fit to judge. I do know, however, that the international,
  computer-assisted networking of police, across national boundaries,
  is something that Carlton Fitzpatrick considers very important, a
  harbinger of a desirable future. I also know that networks by their
  nature ignore physical boundaries. And I also know that where you
  put communications you put a community, and that when those
  communities become self-aware they will fight to preserve themselves
  and to expand their influence. I make no judgements whether this is
  good or bad. It's just cyberspace; it's just the way things are.
  I asked Carlton Fitzpatrick what advice he would have for a twenty-
  year- old who wanted to shine someday in the world of electronic law
  enforcement.
  He told me that the number one rule was simply not to be scared of
  computers. You don't need to be an obsessive "computer weenie," but
  you mustn't be buffaloed just because some machine looks fancy. The
  advantages computers give smart crooks are matched by the advantages
  they give smart cops. Cops in the future will have to enforce the
  law "with their heads, not their holsters." Today you can make good
  cases without ever leaving your office. In the future, cops who
  resist the computer revolution will never get far beyond walking a
  beat.
  I asked Carlton Fitzpatrick if he had some single message for the
  public; some single thing that he would most like the American
  public to know about his work.
  He thought about it while. "Yes," he said finally. "*Tell* me the
  rules, and I'll *teach* those rules!" He looked me straight in the
  eye. "I do the best that I can."


                             Brought to you
                                   by
                         _T_h_e_ _C_y_b_e_r_p_u_n_k_ _P_r_o_j_e_c_t